nmap -oX output.xml -T4 -A -v --script d:\\Vanguards\\scripts/vulscan.nse 192.168.2.20
Sun Jul 28 16:07:37 2024 - Sun Jul 28 16:08:47 2024
1 hosts scanned.
1 hosts up.
0 hosts down.
| State | Address | Hostname | TCP (open) | UDP (open) |
|---|---|---|---|---|
| up | 192.168.2.20 | | 5 | 0 |
| Port | Protocol | State Reason | Service | Product | Version | Extra Info |
|---|---|---|---|---|---|---|
| 135 | tcp | open syn-ack | msrpc | Microsoft Windows RPC | | |
cpe:/o:microsoft:windows
vulscan
VulDB - https://vuldb.com:
[167664] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167663] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167662] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167661] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167660] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167659] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167658] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167657] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167656] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[139942] Microsoft Windows up to Server 2019 rpcss.dll privilege escalation
[102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
[88280] Microsoft Windows DCE/RPC information disclosure
[87160] Microsoft Windows up to Vista SP2 RPC Network Data Representation Engine privilege escalation
[54547] Microsoft Windows grpconv.exe memory corruption
[20307] Microsoft Windows NT 4.0/2000/XP RPC Endpoint Mapper denial of service
[19063] Microsoft Windows NT 4.0/2000/XP Sun RPC Library Services denial of service
[19062] Microsoft Windows NT 4.0/2000/XP Sun RPC Library Services denial of service
[17572] Microsoft Windows NT 4.0 RPC Endpoint Mapper denial of service
[17371] Microsoft Windows NT 4.0/2000 RPC Server denial of service
[15628] Microsoft Windows NT 4.0/2000 DCE/RPC Request SMBwriteX denial of service
[15139] Microsoft Windows NT 4.0 RPC denial of service
[14228] Microsoft Windows NT 4.0 RPC Server Snork denial of service
[13907] Microsoft Windows NT 4.0 LSA/LSARPC LSASS.EXE privilege escalation
[13856] Microsoft Windows NT 4.0 RPC Locator rpcss.exe denial of service
[9942] Microsoft Windows up to XP Asynchronous RPC Request privilege escalation
[4227] Microsoft Windows Netlogon RPC Service denial of service
[4181] Microsoft Windows RPC Processor privilege escalation
[3370] Microsoft Windows RPC Authentication denial of service
[2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
[2430] Microsoft Windows 2000/Server 2003/XP RPC ELV memory corruption
[2310] Microsoft Windows 2000 RPC weak authentication
[1349] Microsoft Windows 2000/XP SP1 RPC Message Queue memory corruption
[900] Microsoft Windows grpconv.exe memory corruption
[884] Microsoft Windows NT 4.0 RPC Runtime Library denial of service
[598] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC/DCOM Object Identity unknown vulnerability
[597] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC over HTTP Reply denial of service
[596] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS denial of service
[331] Microsoft Windows 2000/XP RPCSS race condition
[277] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS memory corruption
[178] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC DCOM PerformScmStage memory corruption
[154] Microsoft Windows up to 2000 SP3 RPC unknown vulnerability
[176522] Microsoft Windows 7 SP1 up to Server 2019 MSHTML Platform unknown vulnerability
[176520] Microsoft Windows 10 20H2 up to Server 2004 DWM Core Library unknown vulnerability
[176515] Microsoft Windows 10 up to Server 2019 Hyper-V denial of service
[176514] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure
[176513] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure
[176512] Microsoft Windows 8.1 up to Server 2019 NFS denial of service
[176511] Microsoft Windows 7 SP1 up to Server 2019 GPSVC unknown vulnerability
[176510] Microsoft Windows 7 SP1 up to Server 2019 Event Tracing information disclosure
[176509] Microsoft Windows 7 SP1 up to Server 2019 HTML Platform unknown vulnerability
[176508] Microsoft Windows 8.1 up to Server 2019 TCP/IP Driver denial of service
[176507] Microsoft Windows 10 20H2 up to Server 2019 Cloud Files Mini Filter Driver unknown vulnerability
[176506] Microsoft Windows 7 SP1 up to Server 2019 Remote Desktop Services denial of service
[176500] Microsoft Windows 7 SP1 up to Server 2019 Kerberos AppContainer unknown vulnerability
[176499] Microsoft Windows 10 20H2/10 21H1/10 2004/Server 20H2/Server 2004 Bind Filter Driver information disclosure
[176498] Microsoft Windows 7 SP1 up to Server 2019 Scripting Engine unknown vulnerability
[176497] Microsoft Windows 7 SP1 up to Server 2019 NTLM unknown vulnerability
[176495] Microsoft Windows 7 SP1 up to Server 2019 NTFS unknown vulnerability
[176494] Microsoft Windows 10 20H2 up to Server 2004 Kernel information disclosure
[176493] Microsoft Windows 7 SP1 up to Server 2019 Common Log File System Driver unknown vulnerability
[176492] Microsoft Windows 7 SP1 up to Server 2019 Filter Manager unknown vulnerability
[176491] Microsoft Windows 10 20H2 up to Server 2019 Kernel-Mode Driver unknown vulnerability
[176490] Microsoft Windows 10 20H2 up to Server 2019 Kernel unknown vulnerability
[176477] Microsoft Windows 7 SP1 up to Server 2019 Enhanced Cryptographic Provider unknown vulnerability
[176474] Microsoft Windows 7 SP1 up to Server 2019 DCOM Server unknown vulnerability
[174874] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking unknown vulnerability
[174873] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking information disclosure
[174871] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking unknown vulnerability
[174870] Microsoft Windows 7 SP1 up to Server 2019 unknown vulnerability
[174868] Microsoft Windows 8.1 up to Server 2019 CSC Service information disclosure
[174866] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174865] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 HTTP Protocol Stack unknown vulnerability
[174864] Microsoft Windows 10 20H2 up to Server 2019 Container Manager Service unknown vulnerability
[174863] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174862] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174861] Microsoft Windows 10 20H2 up to Server 2019 Graphics unknown vulnerability
[174849] Microsoft Windows 7 SP1 up to Server 2019 Bluetooth Driver unknown vulnerability
[174848] Microsoft Windows 7 SP1 up to Server 2019 Infrared Data Association information disclosure
[174847] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Desktop Bridge denial of service
[174846] Microsoft Windows 7 SP1 up to Server 2019 RDP information disclosure
[174845] Microsoft Windows 10 20H2 up to 10 2004 WalletService unknown vulnerability
[174844] Microsoft Windows 7 SP1 up to Server 2019 Graphics unknown vulnerability
[174843] Microsoft Windows 10 1809/Server 2019 Container Isolation FS Filter Driver unknown vulnerability
[174842] Microsoft Windows 10 20H2 up to Server 2019 Projected File System FS Filter Driver information disclosure
[174841] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Media Foundation Core unknown vulnerability
[174840] Microsoft Windows 7 SP1 up to Server 2019 on SSDP Service unknown vulnerability
[174839] Microsoft Windows 7 SP1 up to Server 2019 OLE Automation unknown vulnerability
[174835] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB Client Security Feature unknown vulnerability
[174824] Microsoft Windows 7 SP1 up to Server 2019 Hyper-V VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST unknown vulnerability
[172949] Microsoft Windows 10 up to Server 2019 Media Photo Codec information disclosure
[172947] Microsoft Windows 7 SP1 up to Server 2019 Internet Messaging API unknown vulnerability
[172941] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability
[172937] Microsoft Windows 10 20H2 up to Server 2019 Hyper-V denial of service
[172933] Microsoft Windows 10 20H2 up to Server 2019 Application Compatibility Cache denial of service
[172929] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability
[172925] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP Driver denial of service
[172921] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure
[172920] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB information disclosure
[172919] Microsoft Windows 8.1 up to Server 2019 SMB information disclosure
[172917] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172916] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure
[172915] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172914] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172913] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172912] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability
[172911] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172910] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172909] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172908] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172907] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172906] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172905] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability
[172904] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172903] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172902] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172901] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172900] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172899] Microsoft Windows 8.1 up to Server 2019 Remote Procedure Call Runtime Remote unknown vulnerability
[172898] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172896] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172895] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172894] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172892] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172891] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172890] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172889] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172888] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172887] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172886] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172885] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172880] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP Driver denial of service
[172877] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP information disclosure
[172875] Microsoft Windows 8.1 up to Server 2019 Hyper-V unknown vulnerability
[172874] Microsoft Windows 7 SP1 up to Server 2019 Network File System unknown vulnerability
[171012] Microsoft Windows 10 20H2 up to Server 2019 NAT denial of service
[171009] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V unknown vulnerability
[171000] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170999] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170998] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170997] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170996] Microsoft Windows Server 20H2 up to Server 2019 DNS Server code injection
[170995] Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service
[170994] Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service
[170990] Microsoft Windows Admin Center unknown vulnerability
[170981] Microsoft Windows 7 SP1 up to Server 2019 Remote Access API privileges management
[170979] Microsoft Windows 10 20H2 up to Server 2019 OpenType Font Parser code injection
[170978] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability
[170907] Microsoft Windows 10 20H2 up to Server 2019 Application Virtualization code injection
[170436] Microsoft Windows 8.1 up to Server 2019 Extended Protection for Authentication improper authentication
[169530] Microsoft Windows 7 SP1 up to Server 2019 Trust Verification API denial of service
[169529] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability
[169528] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability
[169527] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP denial of service
[169526] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call information disclosure
[169525] Microsoft Windows 7 SP1 up to Server 2019 Local Spooler unknown vulnerability
[169524] Microsoft Windows 10 20H2 up to Server 2019 Microsoft.PowerShell.Utility Module protection mechanism
[169521] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Network File System denial of service
[169509] Microsoft Windows 7 SP1 up to Server 2019 Address Book unknown vulnerability
[169502] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability
[169501] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability
[169499] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[169498] Microsoft Windows 10 up to Server 2019 unknown vulnerability
[169497] Microsoft Windows 10 Version 1809 for 32-bit Systems Codecs Library unknown vulnerability
[169487] Microsoft Windows 10 up to Server 2019 Graphics unknown vulnerability
[167703] Microsoft Windows 7 SP1 up to Server 2019 Update Stack privileges management
[167700] Microsoft Windows 10 up to Server 2019 RDP authorization
[167699] Microsoft Windows 7 SP1 up to Server 2019 RDP Core unknown vulnerability
[167687] Microsoft Windows 7 SP1 up to Server 2019 Graphics information disclosure
[167686] Microsoft Windows 7 SP1 up to Server 2019 GDI+ information disclosure
[167685] Microsoft Windows 7 SP1 up to Server 2019 Fax Compose Form privileges management
[167680] Microsoft Windows 7 SP1 up to Server 2019 CryptoAPI denial of service
[167655] Microsoft Windows 8.1 up to Server 2019 NTLM unknown vulnerability
[167651] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability
[167638] Microsoft Windows 7 SP1 up to Server 2019 DTV-DVD Video Decoder unknown vulnerability
[167637] Microsoft Windows 8.1/10/10 1607/Server 2012 R2/Server 2016 Hyper-V denial of service
[167636] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V denial of service
[167633] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[160963] Microsoft Windows up to Server 2019 Projected Filesystem privilege escalation
[160951] Microsoft Windows up to Server 2019 Kernel memory corruption
[160950] Microsoft OneDrive on Windows privilege escalation
[160949] Microsoft OneDrive on Windows privilege escalation
[160948] Microsoft OneDrive on Windows privilege escalation
[160947] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[160946] Microsoft Windows up to Server 2019 TLS weak encryption
[160944] Microsoft Windows up to Server 2019 Kernel Improper Initialization
[160943] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[160942] Microsoft Windows up to Server 2019 Kernel information disclosure
[160940] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[160939] Microsoft Windows up to Server 2004 InstallService privilege escalation
[160936] Microsoft Windows up to Server 2019 Microsoft COM for Windows privilege escalation
[160932] Microsoft Windows up to Server 2019 CloudExperienceHost privilege escalation
[160930] Microsoft Windows up to Server 2019 fdSSDP.dll privilege escalation
[160925] Microsoft Windows up to Server 2019 DirectX privilege escalation
[160924] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[160923] Microsoft Windows up to Server 2019 GDI information disclosure
[160922] Microsoft Windows up to Server 2019 Win32k information disclosure
[160921] Microsoft Windows up to Server 2019 Win32k privilege escalation
[160920] Microsoft Windows up to Server 2019 DNS denial of service
[160912] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[160911] Microsoft Windows up to Server 2004 StartTileData.dll privilege escalation
[160910] Microsoft Windows up to Server 2019 Win32k.sys privilege escalation
[160909] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[160908] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[160907] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[160906] Microsoft Windows up to Server 2019 Language Pack Installer privilege escalation
[160905] Microsoft Windows up to Server 2004 StartTileData.dll information disclosure
[160904] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[160903] Microsoft Windows 10 2004 Shell Infrastructure privilege escalation
[160902] Microsoft Windows up to Server 2019 GDI Dynamically-Managed Code Resources
[160901] Microsoft Windows up to Server 2019 Graphics Component Dynamically-Managed Code Resources
[160900] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[160899] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[160898] Microsoft Windows up to Server 2019 DirectX privilege escalation
[160895] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[160894] Microsoft Windows up to Server 2019 Routing Utilities denial of service
[160892] Microsoft Windows up to Server 2019 Kernel information disclosure
[160891] Microsoft Windows up to Server 2019 DHCP Server information disclosure
[160890] Microsoft Windows up to Server 2019 Print Spooler privilege escalation
[160889] Microsoft Windows up to Server 2019 Group Policy privilege escalation
[160886] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[160883] Microsoft Windows up to Server 2019 Kernel information disclosure
[160882] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[160881] Microsoft Windows up to Server 2019 State Repository Service information disclosure
[160880] Microsoft Windows up to Server 2019 Function Discovery SSDP Provider privilege escalation
[160879] Microsoft Windows up to Server 2019 Modules Installer privilege escalation
[160876] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[160874] Microsoft Windows up to Server 2019 Shell Infrastructure memory corruption
[160873] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure
[160871] Microsoft Windows up to Server 2019 NTFS privilege escalation
[160870] Microsoft Windows up to Server 2019 Active Directory Federation Service 2FA weak authentication
[160869] Microsoft Windows up to Server 2019 DNS privilege escalation
[160868] Microsoft Windows 10 2004/Server 2004 Projected Filesystem privilege escalation
[160866] Microsoft Windows up to Server 2019 Cryptographic Catalog Service privilege escalation
[160865] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[160864] Microsoft Windows up to Server 2019 Active Directory integrated DNS privilege escalation
[160863] Microsoft Windows up to Server 2019 Active Directory integrated DNS memory corruption
[160862] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure
[160861] Microsoft Windows up to Server 2019 RSoP Service Application privilege escalation
[160855] Microsoft Windows up to Server 2019 Media Audio Decoder memory corruption
[160853] Microsoft Windows up to Server 2019 Media Audio Decoder privilege escalation
[160849] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[160848] Microsoft Windows up to Server 2019 GDI+ memory corruption
[160847] Microsoft Windows up to Server 2019 memory corruption
[160843] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[160841] Microsoft Windows up to Server 2019 Camera Codec Pack memory corruption
[160840] Microsoft Windows up to Server 2019 Microsoft COM for Windows memory corruption
[160839] Microsoft Windows up to Server 2019 Text Service Module memory corruption
[159610] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation
[159608] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation
[159604] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[159601] Microsoft Windows up to Server 2019 Speech Shell privilege escalation
[159600] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[159597] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation
[159595] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159594] Microsoft Windows up to Server 2019 Windows Runtime memory corruption
[159593] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159592] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[159591] Microsoft Windows up to Server 2019 Work Folder Service memory corruption
[159590] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159589] Microsoft Windows up to Server 2019 State Repository Service information disclosure
[159588] Microsoft Windows up to Server 2019 CDP User memory corruption
[159587] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159585] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[159584] Microsoft Windows up to Server 2019 WaasMedic Service information disclosure
[159583] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159582] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation
[159581] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159580] Microsoft Windows Remote Desktop Gateway privilege escalation
[159579] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159574] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159573] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159572] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159571] Microsoft Windows up to Server 2019 UPnP Device Host memory corruption
[159570] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159568] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[159567] Microsoft Windows up to Server 2019 GDI memory corruption
[159566] Microsoft Windows up to Server 2019 Remote Access memory corruption
[159564] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[159563] Microsoft Windows up to Server 2019 Custom Protocol Engine memory corruption
[159562] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159561] Microsoft Windows up to Server 2019 Kernel information disclosure
[159560] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159558] Microsoft Windows up to Server 2019 Kernel privilege escalation
[159557] Microsoft Windows up to Server 2019 Font Driver Host memory corruption
[159556] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation
[159555] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[159554] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159553] Microsoft Windows up to Server 2019 Telephony Server privilege escalation
[159552] Microsoft Windows up to Server 2019 CDP User memory corruption
[159550] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159548] Microsoft Windows up to Server 2019 Backup Engine privilege escalation
[159545] Microsoft Windows up to Server 2019 GDI privilege escalation
[159543] Microsoft Windows up to Server 2019 Kernel memory corruption
[159542] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[159541] Microsoft Windows up to Server 2019 Remote Access memory corruption
[159540] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159539] Microsoft Windows up to Server 2019 Radio Manager API memory corruption
[159537] Microsoft Windows up to Server 2019 Accounts Control memory corruption
[159534] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[159531] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[159530] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[159529] Microsoft Windows up to Server 2019 Network Connection Broker privilege escalation
[159528] Microsoft Windows up to Server 2019 Ancillary Function Driver for WinSock privilege escalation
[159526] Microsoft Windows up to Server 2019 Public Account Pictures Folder privilege escalation
[159524] Microsoft Windows up to Server 2019 Win32k information disclosure
[159523] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159522] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[159521] Microsoft Windows up to Server 2019 SSDP Provider privilege escalation
[159518] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159517] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159513] Microsoft Windows up to Server 2019 DirectX privilege escalation
[159512] Microsoft Windows up to Server 2019 Kernel privilege escalation
[159509] Microsoft Windows 10 1909/10 2004 Codecs Library memory corruption
[159504] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159503] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159500] Microsoft Windows up to Server 2004 Codecs Library memory corruption
[159499] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159497] Microsoft Windows up to Server 2019 Media Audio Codec memory corruption
[159496] Microsoft Windows up to 10 2004 Codecs Library memory corruption
[159495] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159494] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159433] Microsoft Windows net use weak authentication
[159426] Microsoft Windows VCF Card privilege escalation
[159425] Microsoft Windows Group File privilege escalation
[158019] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157995] Microsoft Windows up to Server 2019 WalletService information disclosure
[157993] Microsoft Windows up to Server 2019 WalletService privilege escalation
[157991] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[157990] Microsoft Windows up to Server 2019 Modules Installer privilege escalation
[157989] Microsoft Windows up to Server 2019 Delivery Optimization Service privilege escalation
[157988] Microsoft Windows 10 2004/Server 2004 Subsystem for Linux privilege escalation
[157986] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157985] Microsoft Windows up to Server 2019 Profile Service privilege escalation
[157984] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157983] Microsoft Windows up to Server 2019 Kernel privilege escalation
[157981] Microsoft Windows up to Server 2019 Kernel information disclosure
[157979] Microsoft Windows up to Server 2019 Resource Policy information disclosure
[157978] Microsoft Windows up to Server 2019 Kernel information disclosure
[157977] Microsoft Windows up to Server 2019 Kernel memory corruption
[157975] Microsoft Windows up to Server 2019 ALPC privilege escalation
[157973] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157972] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157971] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157970] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157969] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157968] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157963] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation
[157960] Microsoft Windows up to Server 2019 Diagnostics Hub privilege escalation
[157957] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[157956] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service information disclosure
[157955] Microsoft Windows up to Server 2019 Agent Activation Runtime information disclosure
[157952] Microsoft Windows up to Server 2019 USO Core Worker privilege escalation
[157951] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[157950] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157949] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157948] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157946] Microsoft Windows up to Server 2019 lnk File privilege escalation
[157945] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[157944] Microsoft Windows iSCSI Target Service privilege escalation
[157943] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157942] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157941] Microsoft Windows up to Server 2019 Remote Desktop Client memory corruption
[157939] Microsoft Windows up to Server 2019 Picker Platform privilege escalation
[157938] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation
[157937] Microsoft Windows up to Server 2019 Windows Print Workflow Service privilege escalation
[157936] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157935] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157934] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation
[157933] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157930] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157925] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[157924] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157923] Microsoft Windows up to Server 2019 Network Connections Service privilege escalation
[157922] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157921] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157920] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[157919] Microsoft Windows up to Server 2019 Mobile Device Management information disclosure
[157918] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[157916] Microsoft Windows up to Server 2019 Windows Address Book privilege escalation
[157913] Microsoft OneDrive on Windows privilege escalation
[157895] Microsoft Windows Defender MpSigStub.exe privilege escalation
[157894] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157893] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157892] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157889] Microsoft Windows up to Server 2019 Imaging information disclosure
[157888] Microsoft Windows up to Server 2019 Graphics Origin Validation Error
[157887] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[157886] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[157885] Microsoft Windows up to Server 2019 GDI+ memory corruption
[157884] Microsoft Windows up to Server 2019 Font Library privilege escalation
[157883] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[157882] Microsoft Windows up to Server 2019 GDI information disclosure
[157881] Microsoft Windows up to Server 2004 Font Driver Host memory corruption
[157509] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[157508] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[156422] Microsoft Windows 10 2004/Server 2004 SMBv3 denial of service
[156421] Microsoft Windows up to Server 2004 SMBv3 information disclosure
[156420] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[156419] Microsoft Windows up to Server 2019 LNK privilege escalation
[156418] Microsoft Windows up to Server 2019 CAB File privilege escalation
[156417] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
[156415] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[156414] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156413] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156412] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156410] Microsoft Windows up to Server 2004 Windows Runtime privilege escalation
[156409] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156408] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156407] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156406] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156404] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156403] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156402] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156401] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156399] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156398] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156397] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156396] Microsoft Windows Windows Installer privilege escalation
[156395] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156394] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156393] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156386] Microsoft Windows up to Server 2004 GDI+ memory corruption
[156385] Microsoft Windows up to Server 2019 Windows Runtime information disclosure
[156384] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156382] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[156381] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156380] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[156378] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156377] Microsoft Windows up to Server 2019 Registry privilege escalation
[156376] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[156375] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[156374] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156373] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156372] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156371] Microsoft Windows up to Server 2019 Session Manager privilege escalation
[156370] Microsoft Windows 10 2004/Server 2004 Connected User Experiences/Telemetry Service privilege escalation
[156369] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156368] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[156367] Microsoft Windows up to Server 2019 Text Service Framework privilege escalation
[156365] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service denial of service
[156364] Microsoft Windows up to Server 2019 Group Policy privilege escalation
[156363] Microsoft Windows up to Server 2019 OpenSSH privilege escalation
[156361] Microsoft Windows up to Server 2019 Win32k information disclosure
[156360] Microsoft Windows up to Server 2004 Windows Service information disclosure
[156359] Microsoft Windows up to Server 2019 Host Guardian Service information disclosure
[156358] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156356] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[156354] Microsoft Windows up to Server 2019 Diagnostics/Feedback Settings App information disclosure
[156353] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156352] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156351] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156350] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156349] Microsoft Windows up to Server 2004 Update Orchestrator Service privilege escalation
[156348] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[156347] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156346] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156321] Microsoft Windows Defender privilege escalation
[156320] Microsoft Windows Defender privilege escalation
[156319] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156318] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156317] Microsoft Windows up to Server 2019 GDI privilege escalation
[156316] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156315] Microsoft Windows up to Server 2019 GDI information disclosure
[156314] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156313] Microsoft Windows up to Server 2019 GDI privilege escalation
[156312] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[156311] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156310] Microsoft Windows up to Server 2019 DirectX privilege escalation
[156309] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156303] Microsoft Windows 10 1709/10 1803/10 1809/10 1903/Server 2004 Feedback Hub privilege escalation
[156302] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156301] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156300] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[155176] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155175] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155174] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155173] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155172] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155171] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155170] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155169] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155168] Microsoft Windows up to Server 2019 GDI information disclosure
[155167] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155166] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155165] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155162] Microsoft Windows Clipboard Service privilege escalation
[155161] Microsoft Windows Clipboard Service privilege escalation
[155160] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155158] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155157] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155156] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155155] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155154] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[155153] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155152] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Media Foundation memory corruption
[155151] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155150] Microsoft Windows GDI information disclosure
[155149] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155148] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155147] Microsoft Windows up to Server 2019 GDI privilege escalation
[155146] Microsoft Windows up to Server 2019 GDI information disclosure
[155145] Microsoft Windows up to Server 2019 DirectX privilege escalation
[155144] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155143] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[155142] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[155141] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[155140] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155139] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[155138] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155137] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155136] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155135] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155134] Microsoft Windows up to Server 2019 Clipboard Service privilege escalation
[155133] Microsoft Windows up to Server 2019 TLS denial of service
[155132] Microsoft Windows up to Server 2019 CSRSS information disclosure
[155131] Microsoft Windows up to Server 2019 Kernel privilege escalation
[155130] Microsoft Windows up to Server 2019 Task Scheduler weak authentication
[155129] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[155127] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155126] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155115] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155114] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155112] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155111] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155110] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155109] Microsoft Windows up to Server 2019 Printer Service privilege escalation
[155108] Microsoft Windows up to Server 2019 privilege escalation
[155107] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[155106] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155105] Microsoft Windows up to Server 2019 memory corruption
[155104] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[155103] Microsoft Windows up to Server 2019 information disclosure
[155100] Microsoft Windows up to Server 2019 Media Service privilege escalation
[155096] Microsoft Windows up to Server 2019 Script Runtime memory corruption
[155092] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[155091] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155090] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155089] Microsoft Windows up to Server 2019 Print Spooler privilege escalation
[155087] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155086] Microsoft Windows up to Server 2019 Block Level Backup Engine Service privilege escalation
[155084] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[155080] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[155079] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155078] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155077] Microsoft Windows up to Server 2019 Color Management ICM32.dll memory corruption
[155072] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153289] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[153286] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153284] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153281] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153280] Microsoft Windows up to Server 2019 Push Notification Service information disclosure
[153279] Microsoft Windows up to Server 2019 User-Mode Power Service privilege escalation
[153278] Microsoft Windows up to Server 2019 Update Client privilege escalation
[153277] Microsoft Windows up to Server 2019 System Assessment Tool privilege escalation
[153275] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153274] Microsoft Windows up to Server 2019 Kernel information disclosure
[153273] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153272] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153270] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153269] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153268] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153266] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153265] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153264] Microsoft Windows up to Server 2019 DNS denial of service
[153263] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153261] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153260] Microsoft Windows Graphics Component information disclosure
[153259] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[153257] Microsoft Windows up to Server 2019 privilege escalation
[153256] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153244] Microsoft Windows up to Server 2019 GDI+ memory corruption
[153243] Microsoft Windows up to Server 2019 Win32k information disclosure
[153241] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153240] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153239] Microsoft Windows up to Server 2019 Kernel information disclosure
[153237] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153236] Microsoft Windows up to Server 2019 GDI information disclosure
[153235] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Media Foundation information disclosure
[153234] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153233] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153232] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153230] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153229] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153228] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Media Foundation information disclosure
[153227] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153225] Microsoft Windows up to Server 2019 Scheduled Task privilege escalation
[153224] Microsoft OneDrive on Windows privilege escalation
[153223] Microsoft Windows up to Server 2019 WpcDesktopMonSvc privilege escalation
[153214] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153213] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153212] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153207] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153206] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153204] Microsoft Windows up to Server 2019 information disclosure
[153203] Microsoft Windows up to Server 2019 privilege escalation
[153200] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153198] Microsoft Windows up to Server 2019 Win32k memory corruption
[153197] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[153196] Microsoft Windows up to Server 2019 Win32k memory corruption
[153195] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153190] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[153189] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153188] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153187] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153185] Microsoft Windows up to Server 2019 Hyper-V memory corruption
[153181] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153180] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153176] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[153175] Microsoft Windows up to Server 2019 Graphics memory corruption
[152075] Microsoft Windows up to Server 2019 Type 1 Font Parser privilege escalation
[151174] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151171] Microsoft Windows 10 1607/Server 2016 Graphics Component privilege escalation
[151170] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151169] Microsoft Windows up to Server 2019 Hardlink privilege escalation
[151164] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151163] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[151161] Microsoft Windows up to Server 2019 GDI information disclosure
[151160] Microsoft Windows up to Server 2019 GDI information disclosure
[151158] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151157] Microsoft Windows up to Server 2019 Win32k information disclosure
[151156] Microsoft Windows up to Server 2019 GDI information disclosure
[151154] Microsoft Windows up to Server 2019 Network Connections Service information disclosure
[151153] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151152] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151151] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151150] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151149] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151148] Microsoft Windows Connected User Experiences/Telemetry Service information disclosure
[151147] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[151146] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151145] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[151141] Microsoft Windows up to Server 2019 Imaging information disclosure
[151139] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[151138] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151136] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151135] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151132] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[151129] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151127] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[151113] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151112] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[151110] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[151109] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151108] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151106] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151104] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151103] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[151102] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[151101] Microsoft Windows up to Server 2019 GDI information disclosure
[151100] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151099] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[151098] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151097] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151096] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151095] Microsoft Windows up to Server 2019 Defender privilege escalation
[151094] Microsoft Windows up to Server 1909 Defender privilege escalation
[151091] Microsoft Windows up to Server 2019 DirectX privilege escalation
[151078] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151077] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151064] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151063] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151062] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151061] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151060] Microsoft Windows up to Server 2019 lnk File privilege escalation
[149967] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149966] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149963] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149962] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Hyper-V privilege escalation
[149961] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149960] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149959] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149958] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149957] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[149956] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149955] Microsoft Windows up to Server 2019 GDI memory corruption
[149954] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149953] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149952] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149951] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149950] Microsoft Windows up to Server 2019 privilege escalation
[149949] Microsoft Windows up to Server 2019 tapisrv.dll privilege escalation
[149948] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[149947] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149945] Microsoft Windows 10/10 1607/Server 2016 DirectX privilege escalation
[149944] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149943] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149942] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[149941] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[149940] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149939] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149938] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149937] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149936] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149935] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149934] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149933] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149932] Microsoft Windows up to Server 2019 Win32k information disclosure
[149931] Microsoft Windows up to Server 2016 Win32k information disclosure
[149930] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149929] Microsoft Windows up to Server 2019 DirectX information disclosure
[149928] Microsoft Windows 10/Server 2016 DirectX privilege escalation
[149927] Microsoft Windows up to Server 2019 Imaging Library memory corruption
[149926] Microsoft Windows up to Server 2019 IME privilege escalation
[149923] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[149922] Microsoft Windows up to Server 2019 Wireless Network Manager privilege escalation
[149921] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[149920] Microsoft Windows up to Server 2019 Client License Service privilege escalation
[149919] Microsoft Windows up to Server 2019 Telephony Service information disclosure
[149913] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149910] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[149909] Microsoft Windows up to Server 2019 COM Server privilege escalation
[149907] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149906] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149905] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149904] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[149903] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149902] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149901] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149900] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149899] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149898] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149897] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149896] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149895] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149894] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149893] Microsoft Windows up to Server 2019 Active Directory privilege escalation
[149891] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[149890] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[149889] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149888] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[149887] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[149886] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[149884] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[149883] Microsoft Windows up to Server 2019 LNK privilege escalation
[149882] Microsoft Windows up to Server 2019 memory corruption
[149881] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149880] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149312] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149039] Microsoft Windows 10 1803/Server 2019 RDP Session Lockscreen weak authentication
[148654] Microsoft Windows up to Server 2019 Memory Section privilege escalation
[148653] Microsoft Windows up to Server 2019 Win32k privilege escalation
[148652] Microsoft Windows up to Server 2019 Media Service privilege escalation
[148651] Microsoft Windows up to Server 2019 Update Notification Manager privilege escalation
[148650] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Subsystem for Linux privilege escalation
[148649] Microsoft Windows up to Server 2019 Symbolic Link privilege escalation
[148648] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[148638] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Win32k privilege escalation
[148637] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[148634] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[148631] Microsoft Windows Server 2016/Server 2019 Remote Desktop Gateway privilege escalation
[148629] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[148627] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[148626] Microsoft Windows Remote Desktop Gateway privilege escalation
[148625] Microsoft Windows Remote Desktop Gateway privilege escalation
[148614] Microsoft Windows up to Server 2019 GDI+ information disclosure
[148613] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148612] Microsoft Windows Remote Desktop Credentials information disclosure
[148611] Microsoft Windows up to Server 2016 Graphics Component information disclosure
[148610] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148609] Microsoft Windows up to Server 2019 Win32k information disclosure
[148608] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[148607] Microsoft Windows up to Server 2019 CryptoAPI Crypt32.dll weak authentication
[146926] Microsoft Windows XP SP3 Remote Desktop Protocol information disclosure
[146924] Microsoft Windows up to Server 2019 Defender memory corruption
[146879] Microsoft Windows up to Server 2019 OLE privilege escalation
[146878] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[146877] Microsoft Windows 7 SP1 Windows Media Player information disclosure
[146876] Microsoft Windows 7 SP1 Windows Media Player information disclosure
[146875] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 COM Server privilege escalation
[146874] Microsoft Windows 10 1809/Server 2019 Printer Service privilege escalation
[146873] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[146872] Microsoft Windows up to Server 2019 Kernel information disclosure
[146871] Microsoft Windows up to Server 2019 Kernel information disclosure
[146870] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[146869] Microsoft Windows up to Server 2019 GDI information disclosure
[146868] Microsoft Windows up to Server 2019 GDI information disclosure
[146867] Microsoft Windows up to Server 2019 GDI information disclosure
[146862] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[146858] Microsoft Windows up to Server 2019 Win32k information disclosure
[146857] Microsoft Windows up to Server 2016 Win32k privilege escalation
[146855] Microsoft Windows up to Server 2019 Win32k Graphics privilege escalation
[146804] Microsoft Windows Media Center XML External Entity
[145412] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145402] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption
[145394] Microsoft Windows up to Server 2019 Win32k information disclosure
[145393] Microsoft Windows up to Server 2019 GDI information disclosure
[145390] Microsoft Windows up to Server 2019 Win32k information disclosure
[145388] Microsoft Windows up to Server 2012 R2 Win32k privilege escalation
[145386] Microsoft Windows up to Server 2012 R2 DirectWrite information disclosure
[145384] Microsoft Windows up to Server 2019 NetLogon Security Feature privilege escalation
[145382] Microsoft Windows up to Server 2019 iphlpsvc.dll privilege escalation
[145380] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[145379] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[145377] Microsoft Windows up to Server 2019 Installer privilege escalation
[145375] Microsoft Windows up to Server 2012 R2 OpenType Font Driver ATMFD.dll information disclosure
[145374] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[145373] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[145372] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145370] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[145367] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145366] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145365] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145364] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145363] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145362] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Kernel privilege escalation
[145361] Microsoft Windows up to Server 2019 privilege escalation
[145360] Microsoft Windows up to Server 2019 Certificate Dialog privilege escalation
[145359] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[145358] Microsoft Windows up to Server 2019 Netlogon privilege escalation
[145357] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[145356] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[145355] Microsoft Windows up to Server 2019 Servicing Stack information disclosure
[145353] Microsoft Windows 10 1809/10 1903/Server 2019 Data Sharing Service privilege escalation
[145352] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[145350] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure
[145349] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145348] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145346] Microsoft Windows up to Server 2019 Kernel information disclosure
[145345] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145344] Microsoft Windows up to Server 2019 privilege escalation
[145342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k Graphics memory corruption
[145341] Microsoft Windows 10 1903/Server 1903 Media Foundation memory corruption
[145340] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption
[145334] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145333] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145332] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[145331] Microsoft Windows up to Server 2019 Hyper-V Switch privilege escalation
[143118] Microsoft Windows up to Server 2019 IIS memory corruption
[143116] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI information disclosure
[143115] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[143114] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[143113] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[143112] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[143103] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[143102] Microsoft Windows up to Server 2019 Power Service umpo.dll privilege escalation
[143101] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[143100] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143099] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 NTLMv2 weak encryption
[143098] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client information disclosure
[143097] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client privilege escalation
[143096] Microsoft Windows up to Server 2019 Kernel information disclosure
[143090] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[143089] Microsoft Windows up to Server 2019 rdbss.sys memory corruption
[143088] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client privilege escalation
[143084] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143083] Microsoft Windows up to Server 2019 TLS information disclosure
[143082] Microsoft Windows up to Server 2019 Hardlink privilege escalation
[143081] Microsoft Windows up to Server 2019 Setup privilege escalation
[143080] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143077] Microsoft Windows up to Server 2019 Imaging API memory corruption
[143076] Microsoft Windows 10 1703/10 1709/10 1803/Server 1803/Server 2019 Hyper-V privilege escalation
[143075] Microsoft Windows up to Server 2019 NTLM MIC weak authentication
[143071] Microsoft Windows up to Server 2019 MS XML XML External Entity
[143063] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[142140] Microsoft Windows Defender File privilege escalation
[141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
[141630] Microsoft Windows up to Server 2019 memory corruption
[141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
[141627] Microsoft Windows up to Server 2019 GDI information disclosure
[141626] Microsoft Windows up to Server 2019 Win32k privilege escalation
[141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
[141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[141621] Microsoft Windows up to Server 2019 Kernel information disclosure
[141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
[141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
[141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
[141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
[141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
[141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
[141606] Microsoft Windows up to Server 2019 Win32k privilege escalation
[141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[141603] Microsoft Windows up to Server 2019 GDI information disclosure
[141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141590] Microsoft Windows up to Server 2019 Text Service Framework privilege escalation
[141581] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
[141579] Microsoft Windows up to Server 2016 DirectX information disclosure
[141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
[141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
[141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
[141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[139965] Microsoft Windows up to Server 2019 Kernel information disclosure
[139964] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[139960] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[139958] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
[139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll XML External Entity
[139941] Microsoft Windows up to Server 2019 DirectX privilege escalation
[139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
[139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
[139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
[139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k privilege escalation
[139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
[139932] Microsoft Windows up to Server 2019 Kernel privilege escalation
[139931] Microsoft Windows up to Server 2019 File Signature Security Feature 7PK Security Features
[139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
[139928] Microsoft Windows up to Server 2019 Kernel privilege escalation
[139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
[139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser XML External Entity
[139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch privilege escalation
[139911] Microsoft Windows up to Server 2019 memory corruption
[139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
[139907] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139906] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
[139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
[139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[139891] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139890] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139889] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139888] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139887] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139886] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139880] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
[139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139876] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139875] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139527] Microsoft Windows PowerShell privilege escalation
[137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137582] Microsoft Windows ADFS Security Feature 7PK Security Features
[137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[137562] Microsoft Windows up to Server 2019 Win32k information disclosure
[137561] Microsoft Windows up to Server 2019 GDI information disclosure
[137560] Microsoft Windows up to Server 2019 GDI information disclosure
[137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137549] Microsoft Windows up to Server 2016 DLL privilege escalation
[137544] Microsoft Windows up to Server 2019 Kernel information disclosure
[137541] Microsoft Windows up to Server 2019 privilege escalation
[137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[137539] Microsoft Windows up to Server 2016 DirectX privilege escalation
[137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature 7PK Security Features
[137537] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[137533] Microsoft Windows up to Server 2019 SymCrypt privilege escalation
[137532] Microsoft Windows DNS Server Data Processing Error
[137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
[137512] Microsoft Windows up to Server 2019 DHCP memory corruption
[136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc information disclosure
[136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
[136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
[136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[136344] Microsoft Windows up to Server 2019 GDI information disclosure
[136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136340] Microsoft Windows up to Server 2019 GDI information disclosure
[136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
[136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
[136335] Microsoft Windows up to Server 2019 NTLM 7PK Security Features
[136334] Microsoft Windows up to Server 2019 Kernel information disclosure
[136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136323] Microsoft Windows up to Server 2019 memory corruption
[136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
[136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136319] Microsoft Windows up to Server 2019 Security Credentials 7PK Security Features
[136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
[136317] Microsoft Windows up to Server 2019 Win32k privilege escalation
[136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136314] Microsoft Windows up to Server 2019 Win32k privilege escalation
[136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136312] Microsoft Windows up to Server 2019 GDI information disclosure
[136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136310] Microsoft Windows up to Server 2019 GDI information disclosure
[136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service 7PK Security Features
[136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[136296] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
[136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136287] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136286] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136285] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136284] Microsoft Windows up to Server 2019 Kernel privilege escalation
[136277] Microsoft Windows 7 SP1/2008 R2 SP1 Speech API memory corruption
[136276] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V privilege escalation
[136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
[136273] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[134744] Microsoft Windows up to Server 2019 GDI information disclosure
[134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
[134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
[134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134715] Microsoft Windows up to Server 2019 Win32k privilege escalation
[134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134710] Microsoft Windows up to Server 2019 GDI information disclosure
[134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
[134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[134701] Microsoft Windows up to Server 2019 Windows Defender Application Control 7PK Security Features
[134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[134699] Microsoft Windows up to Server 2019 NDIS ndis.sys privilege escalation
[134698] Microsoft Windows up to Server 2019 OLE privilege escalation
[134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
[133378] Microsoft Windows 7/8/10/Vista Contact File cross site scripting
[133237] Microsoft Windows Admin Center privilege escalation
[133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
[133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
[133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
[133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
[133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
[133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
[133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
[133210] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 DirectX information disclosure
[133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133196] Microsoft Windows up to Server 2019 Win32k information disclosure
[133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
[133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133192] Microsoft Windows up to Server 2019 OLE Automation memory corruption
[133189] Microsoft Windows up to Server 2019 CSRSS privilege escalation
[133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133186] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure
[133185] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133183] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133182] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133180] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133179] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys 7PK Security Features
[133174] Microsoft Windows up to Server 2019 GDI+ memory corruption
[133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
[133166] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133165] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133164] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133163] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133162] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131685] Microsoft Windows up to Server 2019 SMB information disclosure
[131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[131681] Microsoft Windows up to Server 2019 Win32k privilege escalation
[131679] Microsoft Windows up to Server 2019 Kernel information disclosure
[131674] Microsoft Windows up to Server 2019 Win32k information disclosure
[131673] Microsoft Windows up to Server 2019 Kernel information disclosure
[131672] Microsoft Windows up to Server 2019 GDI information disclosure
[131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
[131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
[131658] Microsoft Windows up to Server 2019 information disclosure
[131657] Microsoft Windows up to Server 2019 memory corruption
[131653] Microsoft Windows up to Server 2019 SMB information disclosure
[131652] Microsoft Windows up to Server 2019 SMB information disclosure
[131651] Microsoft Windows up to Server 2019 Kernel information disclosure
[131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[131649] Microsoft Windows up to Server 2019 Kernel privilege escalation
[131648] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131644] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
[131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server privilege escalation
[131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
[131619] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131616] Microsoft Windows REG File Message weak authentication
[131328] Microsoft Windows up to Server 2016 Kernel information disclosure
[130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
[130819] Microsoft Windows Kernel information disclosure
[130818] Microsoft Windows up to Server 2019 GDI information disclosure
[130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[130814] Microsoft Windows up to Server 2019 privilege escalation
[130809] Microsoft Windows up to Server 2019 Defender Firewall Security 7PK Security Features
[130808] Microsoft Windows up to Server 2019 information disclosure
[130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[130806] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130803] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130802] Microsoft Windows up to Server 2019 Win32k information disclosure
[130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130799] Microsoft Windows up to Server 2016 Win32k privilege escalation
[130798] Microsoft Windows up to Server 2019 GDI information disclosure
[130797] Microsoft Windows up to Server 2019 GDI information disclosure
[130796] Microsoft Windows up to Server 2019 GDI information disclosure
[130793] Microsoft Windows up to Server 2019 GDI information disclosure
[130792] Microsoft Windows up to Server 2019 HID information disclosure
[130791] Microsoft Windows up to Server 2019 HID information disclosure
[130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
[130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
[129167] Microsoft Windows VCF File memory corruption
[128761] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128760] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128759] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128758] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128757] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128756] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128755] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128754] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128753] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128752] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
[128749] Microsoft Windows up to Server 2019 Kernel information disclosure
[128739] Microsoft Windows up to Server 2019 Kernel information disclosure
[128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
[128736] Microsoft Windows up to Server 2019 Kernel information disclosure
[128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
[128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128728] Microsoft Windows up to Server 2019 Kernel information disclosure
[128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128722] Microsoft Windows 10 1803/Server 1803 DHCP Client memory corruption
[128718] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[127881] Microsoft Windows 10 1809/Server 2019 memory corruption
[127880] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127828] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
[127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k information disclosure
[127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
[127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
[127821] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[127820] Microsoft Windows up to Server 2019 Kernel privilege escalation
[127816] Microsoft Windows up to Server 2019 GDI information disclosure
[127815] Microsoft Windows up to Server 2019 GDI information disclosure
[127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
[127801] Microsoft Windows up to Server 2019 DNS Server memory corruption
[126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
[126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
[126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
[126736] Microsoft Windows up to Server 2019 Win32k privilege escalation
[126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX privilege escalation
[126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[126725] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126718] Microsoft Windows up to Server 2016 Search privilege escalation
[126714] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
[126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
[125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
[125121] Microsoft Windows up to Server 2019 DirectX information disclosure
[125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
[125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[125113] Microsoft Windows up to Server 2019 Kernel privilege escalation
[125112] Microsoft Windows 10 1803/Server 1803 Subsystem for Linux privilege escalation
[125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy 7PK Security Features
[125110] Microsoft Windows up to Server 2019 DNS Global Blocklist 7PK Security Features
[125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
[125108] Microsoft Windows up to Server 2019 Filter Manager privilege escalation
[125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
[125101] Microsoft Windows Graphics Component memory corruption
[125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
[125097] Microsoft Windows up to Server 2019 DirectX Graphics privilege escalation
[125096] Microsoft Windows up to Server 2019 Win32k privilege escalation
[125093] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125092] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125091] Microsoft Windows up to Server 2019 MS XML XML External Entity
[124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls privilege escalation
[123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[123874] Microsoft Windows up to Server 2016 Kernel information disclosure
[123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
[123868] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123867] Microsoft Windows 10 1803/Server 1803 Hyper-V privilege escalation
[123866] Microsoft Windows 10 1803/Server 1803 Hyper-V privilege escalation
[123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
[123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
[123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
[123849] Microsoft Windows up to Server 2016 SMB privilege escalation
[123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123830] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
[123827] Microsoft Windows up to Server 2016 Image privilege escalation
[123825] Microsoft Windows up to Server 2016 MSXML Parser XML External Entity
[123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[122888] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 Windows Shell privilege escalation
[122886] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122885] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122884] Microsoft Windows up to Server 2016 Win32k privilege escalation
[122883] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
[122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK privilege escalation
[122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
[122848] Microsoft Windows Security Feature 2FA 7PK Security Features
[122834] Microsoft Windows up to Server 2016 LNK privilege escalation
[122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
[122826] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 PDF memory corruption
[122825] Microsoft Windows up to Server 2016 Graphics privilege escalation
[121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[121111] Microsoft Windows up to Server 2016 Kernel privilege escalation
[121110] Microsoft Windows up to Server 2016 Wordpad 7PK Security Features
[121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll Data Processing Error
[121092] Microsoft Windows up to Server 2016 FTP Server Data Processing Error
[119474] Microsoft Windows up to Server 2016 GDI information disclosure
[119471] Microsoft Windows 10 1803/Server 1803 Win32k privilege escalation
[119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys Data Processing Error
[119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
[119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
[119466] Microsoft Windows 10 1709/Server 1709 Hyper-V privilege escalation
[119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119459] Microsoft Windows up to Server 2016 privilege escalation
[119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
[119456] Microsoft Windows up to Server 2016 Kernel information disclosure
[119455] Microsoft Windows up to Server 2016 memory corruption
[119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119453] Microsoft Windows 10 1709/10 1803/Server 1709/Server 1803 WebDAV privilege escalation
[119452] Microsoft Windows up to Server 2016 HIDParser privilege escalation
[119450] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 Kernel information disclosure
[119448] Microsoft Windows up to Server 2016 Code Integrity Module privilege escalation
[119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
[119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys Data Processing Error
[119436] Microsoft Windows up to Server 2016 privilege escalation
[119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[117558] Microsoft Windows up to Server 2016 memory corruption
[117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
[117444] Microsoft Windows up to Server 2016 Hyper-V vSMB privilege escalation
[117443] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[117331] Microsoft Windows Host Compute Host Compute Service Shim privilege escalation
[116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem privilege escalation
[116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll privilege escalation
[116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol Data Processing Error
[116031] Microsoft Windows up to Server 2016 Kernel information disclosure
[116030] Microsoft Windows up to Server 2016 SNMP Service Data Processing Error
[116026] Microsoft Windows up to Server 2016 Kernel information disclosure
[116024] Microsoft Windows up to Server 2016 HTTP.sys privilege escalation
[116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory 7PK Security Features
[116019] Microsoft Windows up to Server 2016 Kernel information disclosure
[116008] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116007] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116006] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116005] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116004] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[115804] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
[114550] Microsoft Windows Kernel information disclosure
[114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys 7PK Security Features
[114547] Microsoft Windows up to Server 2016 Kernel information disclosure
[114546] Microsoft Windows up to Server 2016 Kernel information disclosure
[114545] Microsoft Windows up to Server 2016 Kernel information disclosure
[114544] Microsoft Windows up to Server 2016 Kernel information disclosure
[114543] Microsoft Windows up to Server 2016 Kernel information disclosure
[114542] Microsoft Windows up to Server 2016 Kernel information disclosure
[114541] Microsoft Windows up to Server 2016 Kernel information disclosure
[114540] Microsoft Windows up to Server 2016 Kernel information disclosure
[114536] Microsoft Windows up to Server 2016 CredSSP weak authentication
[114535] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[114534] Microsoft Windows 10/10 1511/10 1607/10 1703/10 1709 Scripting Host 7PK Security Features
[114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
[114530] Microsoft Windows up to Server 2016 GDI privilege escalation
[114529] Microsoft Windows up to Server 2016 GDI privilege escalation
[114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
[114527] Microsoft Windows up to Server 2016 Kernel information disclosure
[114526] Microsoft Windows up to Server 2016 Kernel information disclosure
[114525] Microsoft Windows up to Server 2016 Kernel information disclosure
[114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
[114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
[114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
[114518] Microsoft Windows up to Server 2016 Remote Assistance XML External Entity
[114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
[114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
[113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
[113262] Microsoft Windows 10/Server 1709 Storage Services privilege escalation
[113261] Microsoft Windows 10/Server 1709 Security Feature 7PK Security Features
[113260] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
[113258] Microsoft Windows 10/Server 1709 Kernel information disclosure
[113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113254] Microsoft Windows up to Server 2016 Kernel information disclosure
[113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113252] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113251] Microsoft Windows 10/Server 1709 Kernel privilege escalation
[113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113249] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113248] Microsoft Windows up to Server 2016 Kernel information disclosure
[113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
[113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
[113242] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113241] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
[113238] Microsoft Windows 10 1709/Server 1709 Named Pipe File System privilege escalation
[113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
[113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
[111358] Microsoft Windows up to Server 2016 IPsec memory corruption
[111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
[110547] Microsoft Windows up to Server 2016 its:/ Protocol information disclosure
[110531] Microsoft Windows 10/Server 2016 Device Guard 7PK Security Features
[110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
[110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[109360] Microsoft Windows up to Server 2016 Windows Search Data Processing Error
[107920] Microsoft Windows up to Vista SP2 Graphics information disclosure
[107759] Microsoft Windows up to Server 2016 SMB privilege escalation
[107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107753] Microsoft Windows 10/Server 2016 SMB Data Processing Error
[107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[107740] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107739] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107738] Microsoft Windows up to Server 2016 Search information disclosure
[107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
[107731] Microsoft Windows 7 SP1 Shell memory corruption
[107730] Microsoft Windows up to Server 2016 Search Remote privilege escalation
[107724] Microsoft Windows up to Server 2016 Text Services Framework privilege escalation
[107723] Microsoft Windows up to Server 2016 SMB information disclosure
[106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106498] Microsoft Windows up to Server 2016 Shell privilege escalation
[106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
[106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
[106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
[106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow information disclosure
[106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne privilege escalation
[106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition
[105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library Data Processing Error
[105049] Microsoft Windows 10 1703 Remote Desktop Protocol Data Processing Error
[105017] Microsoft Windows up to Server 2016 Error Reporting privilege escalation
[105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V privilege escalation
[105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
[105010] Microsoft Windows up to Server 2016 Win32k privilege escalation
[105009] Microsoft Windows up to Server 2016 Input Method Editor Data Processing Error
[104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[104989] Microsoft Windows up to Server 2016 NetBIOS Data Processing Error
[104982] Microsoft Windows up to XP SMBv1 Smbloris denial of service
[103446] Microsoft Windows up to Server 2016 Search privilege escalation
[103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
[103444] Microsoft Windows up to Server 2016 Explorer privilege escalation
[103442] Microsoft Windows 10/Server 2016 HoloLens privilege escalation
[103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
[103431] Microsoft Windows up to Server 2016 PowerShell privilege escalation
[103429] Microsoft Windows up to Server 2016 Kerberos privilege escalation
[103420] Microsoft Windows up to Server 2016 Kerberos weak authentication
[103417] Microsoft Windows up to Server 2016 Windows Shell 7PK Security Features
[102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
[102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
[102412] Microsoft Windows up to Server 2016 PDF privilege escalation
[102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga information disclosure
[102387] Microsoft Windows up to XP SP3 Search privilege escalation
[102386] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[102385] Microsoft Windows up to Server 2016 Font Library memory corruption
[102377] Microsoft Windows up to Vista SP2 lnk File privilege escalation
[102376] Microsoft Windows up to Server 2016 CAB File Data Processing Error
[102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords privilege escalation
[101820] Microsoft Windows Vista/7/8.1 NtfsCommonCreate denial of service
[101817] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
[101815] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101814] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101812] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101811] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101810] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
[101043] Microsoft Windows up to XP SP3 SMB privilege escalation
[101042] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101041] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101040] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101039] Microsoft Windows up to XP SP3 SMB privilege escalation
[101038] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101037] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101036] Microsoft Windows up to XP SP3 SMBv1 Server privilege escalation
[101035] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101034] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[101026] Microsoft Windows DNS Server privilege escalation
[101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory information disclosure
[101002] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101001] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101000] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100999] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service memory corruption
[100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
[99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication EsteemAudit privilege escalation
[99696] Microsoft Windows up to Vista SP2 Adobe Type Manager Font Driver ATMFD.dll information disclosure
[99685] Microsoft Windows up to Vista SP2 LDAP privilege escalation
[99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory 7PK Security Features
[99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
[99680] Microsoft Windows up to Vista SP2 Win32k privilege escalation
[99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive privilege escalation
[98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Immortal/ExploidingCan memory corruption
[98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
[98113] Microsoft Windows up to Vista SP2 XML Core Services information disclosure
[98112] Microsoft Windows up to Vista SP2 DirectShow information disclosure
[98111] Microsoft Windows 7 SP1/Vista SP2 DVD Maker cross site request forgery
[98110] Microsoft Windows Active Directory Federation Services information disclosure
[98069] Microsoft Windows up to Server 2012 R2 Color Management privilege escalation
[98068] Microsoft Windows up to Vista SP2 Graphics Component USP10!otlList::insertAt memory corruption
[98067] Microsoft Windows up to Vista SP2 Color Management information disclosure
[98066] Microsoft Windows Color Management information disclosure
[98065] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[98058] Microsoft Windows iSNS Server memory corruption
[98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
[98055] Microsoft Windows up to Vista SP2 DLL Loader privilege escalation
[98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 denial of service
[98052] Microsoft Windows up to Vista SP2 Uniscribe information disclosure
[98051] Microsoft Windows up to Vista SP2 Uniscribe information disclosure
[98050] Microsoft Windows up to Vista SP2 Uniscribe Read/Write memory corruption
[98049] Microsoft Windows Uniscribe information disclosure
[98048] Microsoft Windows Uniscribe information disclosure
[98047] Microsoft Windows Uniscribe information disclosure
[98046] Microsoft Windows Uniscribe information disclosure
[98045] Microsoft Windows Uniscribe information disclosure
[98044] Microsoft Windows Uniscribe information disclosure
[98043] Microsoft Windows Uniscribe information disclosure
[98042] Microsoft Windows Uniscribe information disclosure
[98041] Microsoft Windows Uniscribe information disclosure
[98040] Microsoft Windows Uniscribe information disclosure
[98039] Microsoft Windows Uniscribe information disclosure
[98038] Microsoft Windows Uniscribe information disclosure
[98037] Microsoft Windows Uniscribe information disclosure
[98036] Microsoft Windows Uniscribe information disclosure
[98035] Microsoft Windows Uniscribe information disclosure
[98034] Microsoft Windows Uniscribe information disclosure
[98033] Microsoft Windows Uniscribe information disclosure
[98032] Microsoft Windows Uniscribe information disclosure
[98031] Microsoft Windows Uniscribe rule information disclosure
[98030] Microsoft Windows Uniscribe memory corruption
[98029] Microsoft Windows Uniscribe memory corruption
[98028] Microsoft Windows Uniscribe memory corruption
[98027] Microsoft Windows Uniscribe memory corruption
[98026] Microsoft Windows Uniscribe memory corruption
[98025] Microsoft Windows Uniscribe memory corruption
[98024] Microsoft Windows Uniscribe Data Processing Error
[98023] Microsoft Windows up to Vista SP2 SMB privilege escalation
[98022] Microsoft Windows up to XP SP3 SMB information disclosure
[98021] Microsoft Windows up to XP SP3 SMB privilege escalation
[98020] Microsoft Windows up to XP SP3 SMB privilege escalation
[98019] Microsoft Windows up to XP SP3 SMB privilege escalation
[98018] Microsoft Windows up to XP SP3 SMB privilege escalation
[98017] Microsoft Windows up to Server 2016 PDF memory corruption
[98016] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98015] Microsoft Windows 10/Server 2016 Hyper-V privilege escalation
[98014] Microsoft Windows up to Vista SP2 Hyper-V information disclosure
[98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[98012] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98011] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98010] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98009] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch privilege escalation
[98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
[95126] Microsoft Windows Local Security Authority Subsystem Service privilege escalation
[94457] Microsoft Windows up to Vista SP2 Win32k privilege escalation
[94456] Microsoft Windows up to Vista SP2 PFB Font win32k.sys Data Processing Error
[94437] Microsoft Windows up to Vista SP2 Uniscribe LoadUvsTable Data Processing Error
[94436] Microsoft Windows 10 Graphics Data Processing Error
[94435] Microsoft Windows up to Vista SP2 Graphics Data Processing Error
[94434] Microsoft Windows GDI information disclosure
[93964] Microsoft Windows 7 Excel Starter 2010 XML External Entity
[93963] Microsoft Windows Authorization Manager msxml3.dll File information disclosure
[93962] Microsoft Windows 7 SP1 Event Viewer File information disclosure
[93954] Microsoft Windows 7 SP1 NFO File MSINFO32.EXE XML External Entity
[93953] Microsoft Windows Media Center 6.1.7600 MCL File ehshell.exe XML External Entity
[93602] Microsoft Windows 7/10 cmd.exe privilege escalation
[93419] Microsoft Windows up to Vista SP2 NTLM Password Change privilege escalation
[93418] Microsoft Windows up to Vista SP2 Local Security Authority Subsystem Service privilege escalation
[93390] Microsoft Windows up to Vista SP2 Open Type Font privilege escalation
[93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
[93387] Microsoft Windows up to Vista SP2 Open Type Font information disclosure
[93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
[93383] Microsoft Windows up to Vista SP2 Image File Upload privilege escalation
[92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
[92595] Microsoft Windows 10 Diagnostics Hub privilege escalation
[92590] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92589] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92588] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
[92586] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
[92583] Microsoft Windows up to Vista SP2 True Type Font privilege escalation
[92582] Microsoft Windows up to Vista SP2 GDI+ privilege escalation
[92581] Microsoft Windows up to Vista SP2 Graphics privilege escalation
[92580] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92579] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[92578] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[92577] Microsoft Windows up to Vista SP2 True Type Font information disclosure
[91572] Microsoft Windows up to Vista Scripting Engine memory corruption
[91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91569] Microsoft Windows up to Vista privilege escalation
[91561] Microsoft Windows up to Vista Object memory corruption
[91560] Microsoft Windows 10 Object memory corruption
[91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO privilege escalation
[91540] Microsoft Windows up to Vista GDI memory corruption
[91539] Microsoft Windows up to Vista GDI privilege escalation
[91538] Microsoft Windows up to Vista GDI 7PK Security Features
[91537] Microsoft Windows win32k.sys privilege escalation
[91536] Microsoft Windows up to Vista win32k.sys privilege escalation
[90934] Microsoft Windows 7/8.1 FON Font File win32k.sys denial of service
[90713] Microsoft Windows up to Vista SP2 NetBIOS privilege escalation
[90712] Microsoft Windows 10/10 1511 Universal Outlook information disclosure
[90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
[90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
[90709] Microsoft Windows up to Vista SP2 Kerberos privilege escalation
[90702] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90701] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90700] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90699] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90698] Microsoft Windows Graphics privilege escalation
[90697] Microsoft Windows Graphics privilege escalation
[90696] Microsoft Windows up to Vista SP2 Graphics privilege escalation
[90252] Microsoft Windows TCP/IP NetBios Helper Service information disclosure
[89605] Microsoft Windows NT 4.0/2000 Security Event Log denial of service
[89604] Microsoft Windows NT 4.0/2000 Application Event Log denial of service
[89571] Microsoft Windows IMAPI CD Burning COM privilege escalation
[89570] Microsoft Windows Netmeeting Remote Desktop Sharing privilege escalation
[89520] Microsoft Windows Terminal Services information disclosure
[89505] Microsoft Windows FTP Server privilege escalation
[89504] Microsoft Windows System Event Log privilege escalation
[89444] Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication
[89431] Microsoft Windows FAT32 Partition Driver information disclosure
[89417] Microsoft Windows RAS Connection weak encryption
[89413] Microsoft Windows Default Share privilege escalation
[89411] Microsoft Windows LanMan Hash weak authentication
[89389] Microsoft Windows Auto Update information disclosure
[89345] Microsoft Windows NetBIOS Shared Folder information disclosure
[89344] Microsoft Windows NetBIOS/SMB Authentication information disclosure
[89342] Microsoft Windows 95/98 LanMan Hash weak encryption
[89340] Microsoft Windows 95/98 SMB Service memory corruption
[89337] Microsoft Windows FTP Service denial of service
[89335] Microsoft Windows NetBIOS/CIFS weak encryption
[89303] Microsoft Windows Admin Account weak authentication
[89299] Microsoft Windows LanMan Authentication weak authentication
[89297] Microsoft Windows Startup Malware privilege escalation
[89295] Microsoft Windows Services information disclosure
[89294] Microsoft Windows Guest Account information disclosure
[89293] Microsoft Windows Guest Account unknown vulnerability
[89292] Microsoft Windows Guest Account Log information disclosure
[89290] Microsoft Windows Security Log denial of service
[89288] Microsoft Windows Winlogon privilege escalation
[89259] Microsoft Windows Patch MS04-002 privilege escalation
[89150] Microsoft Windows RAS weak encryption
[89051] Microsoft Windows up to Vista SP2 .NET Framework information disclosure
[89036] Microsoft Windows up to Vista SP2 Print Spooler ntprint.dll PSetupDownloadAndInstallLegacyDriver privilege escalation
[89035] Microsoft Windows up to Vista SP2 Print Spooler ntprint.dll PSetupDownloadAndInstallLegacyDriver 7PK Security Features
[89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[88883] Microsoft Windows VeriSign weak authentication
[88787] Microsoft Windows NT 4.0 RAS via PPP denial of service
[88786] Microsoft Windows NT 4.0 NetBIOS Over TCP privilege escalation
[88781] Microsoft Windows 2000 Active Directory Schema privilege escalation
[88775] Microsoft Windows XP Digitally Sign weak authentication
[88774] Microsoft Windows XP Digitally Sign weak authentication
[88773] Microsoft Windows XP Digitally Sign weak authentication
[88772] Microsoft Windows XP Session Key weak authentication
[88765] Microsoft Windows 2000/2000 SP1/2000 SP2 Service Pack 3 privilege escalation
[88763] Microsoft Windows Remote Data Services information disclosure
[88706] Microsoft Windows up to NT 3.51 SP4/4.0 SP5 RRAS denial of service
[88686] Microsoft Windows Locator Service information disclosure
[88675] Microsoft Windows information disclosure
[88670] Microsoft Windows Password Filter privilege escalation
[88664] Microsoft Windows NT 4.0 TCP/IP Security privilege escalation
[88658] Microsoft Windows NT 4.0 Device Driver privilege escalation
[88657] Microsoft Windows NT 4.0/2000 DHCP Server information disclosure
[88655] Microsoft Windows 2000 DNS Server privilege escalation
[88649] Microsoft Windows information disclosure
[88644] Microsoft Windows 2000 Active Directory Kerberos Ticket Logging privilege escalation
[88630] Microsoft Windows Registry Permission privilege escalation
[88598] Microsoft Windows NT 4.0/2000 privilege escalation
[88438] Microsoft Windows 95/98 ICMP denial of service
[88319] Microsoft Windows NT 4.0 File Protection privilege escalation
[88316] Microsoft Windows privilege escalation
[88313] Microsoft Windows W32/Deloder Worm privilege escalation
[88311] Microsoft Windows UPnP TCP Helper information disclosure
[88285] Microsoft Windows CIS information disclosure
[88283] Microsoft Windows Terminal Services/Citrix Server weak authentication
[88281] Microsoft Windows SvcOpenSCManager information disclosure
[88276] Microsoft Windows shlwapi.dll denial of service
[88269] Microsoft Windows Registry Password information disclosure
[88268] Microsoft Windows information disclosure
[88266] Microsoft Windows information disclosure
[88265] Microsoft Windows information disclosure
[88264] Microsoft Windows User information disclosure
[88253] Microsoft Windows SMB Server privilege escalation
[88251] Microsoft Windows Guest Account privilege escalation
[88240] Microsoft Windows NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 SNMP GET unknown vulnerability
[88236] Microsoft Windows NT 4.0/2000/Server 2003/XP SNMP WINS privilege escalation
[88210] Microsoft Windows Secure Site weak encryption
[88199] Microsoft Windows NT 4.0 Ssping teardrop2 Patch denial of service
[88198] Microsoft Windows DNS Server privilege escalation
[88196] Microsoft Windows Force Shutdown from a Remote System Privilege privilege escalation
[88195] Microsoft Windows Modify Firmware Environment Values Privilege privilege escalation
[88194] Microsoft Windows Debug Programs Privilege privilege escalation
[88193] Microsoft Windows Restore Files/Directories Privilege privilege escalation
[88192] Microsoft Windows Backup Files/Directories Privilege privilege escalation
[88191] Microsoft Windows Create a Pagefile Privilege privilege escalation
[88190] Microsoft Windows Increase Scheduling Priority Privilege privilege escalation
[88188] Microsoft Windows Profile Single Process Privilege privilege escalation
[88187] Microsoft Windows Change the System Time Privilege privilege escalation
[88186] Microsoft Windows Create Permanent Shared Objects Privilege privilege escalation
[88185] Microsoft Windows Profile System Performance Privilege privilege escalation
[88184] Microsoft Windows Act as Part of the Operating System Privilege privilege escalation
[88183] Microsoft Windows Increase Quotas Privilege privilege escalation
[88182] Microsoft Windows Load/Unload Device Drivers Privilege privilege escalation
[88181] Microsoft Windows Lock Pages in Memory Privilege privilege escalation
[88179] Microsoft Windows Protocol information disclosure
[88178] Microsoft Windows Network Interface information disclosure
[88173] Microsoft Windows rsh TCP Sequence privilege escalation
[88172] Microsoft Windows Service Unknown information disclosure
[88171] Microsoft Windows Registry File Association privilege escalation
[88159] Microsoft Windows Remote Access Service information disclosure
[88157] Microsoft Windows 2000/NT Password Policy weak authentication
[88155] Microsoft Windows 2000/NT/XP LAN Manager weak encryption
[88154] Microsoft Windows 2000/NT Username information disclosure
[88153] Microsoft Windows 2000/NT information disclosure
[88152] Microsoft Windows NetBIOS privilege escalation
[88151] Microsoft Windows Registry privilege escalation
[88150] Microsoft Windows NT Share information disclosure
[87961] Microsoft Windows up to Server 2012 R2 Search privilege escalation
[87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory privilege escalation
[87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
[87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87952] Microsoft Windows 10/10 1511 Diagnostic Hub Data Processing Error
[87951] Microsoft Windows up to Vista SP2 WPAD Data Processing Error
[87950] Microsoft Windows up to Vista SP2 WPAD privilege escalation
[87949] Microsoft Windows Netlogon privilege escalation
[87948] Microsoft Windows up to Vista SP2 SMB Server privilege escalation
[87947] Microsoft Windows up to Vista SP2 Adobe Type Manager Font Driver atmfd.dll privilege escalation
[87946] Microsoft Windows 10 Kernel win32k.sys privilege escalation
[87945] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
[87943] Microsoft Windows up to Vista SP2 Kernel win32k.sys privilege escalation
[87942] Microsoft Windows up to Vista SP2 Kernel win32k.sys privilege escalation
[87941] Microsoft Windows up to Vista SP2 Group Policy privilege escalation
[87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server memory corruption
[87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87167] Microsoft Windows up to Vista SP2 DirectX Graphics Kernel Subsystem privilege escalation
[87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
[87165] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87164] Microsoft Windows up to Vista SP2 win32k.sys information disclosure
[87163] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87162] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87161] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87158] Microsoft Windows Vista SP2/7 SP1/8.1 Media Center privilege escalation
[87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell privilege escalation
[87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal privilege escalation
[87154] Microsoft Windows up to Vista SP2 Imaging memory corruption
[87153] Microsoft Windows up to Vista SP2 Direct3D memory corruption
[87152] Microsoft Windows up to Vista SP2 Graphics Component privilege escalation
[87151] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87150] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[83151] Microsoft Windows EMF File GetEnhMetaFilePaletteEntries denial of service
[82236] Microsoft Windows up to Vista SP2 OLE privilege escalation
[82234] Microsoft Windows 10 HTTP.sys Data Processing Error
[82231] Microsoft Windows up to Vista SP2 Font Library memory corruption
[82226] Microsoft Windows up to Vista SP2 SAM/LSAD Badlock 7PK Security Features
[82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
[82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
[82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
[81899] Microsoft Windows Media Services privilege escalation
[81837] Microsoft Windows NT 4.0 SynAttackProtect denial of service
[81815] Microsoft Windows NT 3.51/NT 4.0 Registry privilege escalation
[81814] Microsoft Windows Telnet weak encryption
[81813] Microsoft Windows XP weak encryption
[81812] Microsoft Windows XP Network Client Feature weak authentication
[81801] Microsoft Windows Logon Hours privilege escalation
[81798] Microsoft Windows XP Remote Desktop information disclosure
[81788] Microsoft Windows privilege escalation
[81719] Microsoft Windows privilege escalation
[81718] Microsoft Windows 4.0/4.0 SP1/4.0 SP2/4.0 SP3 Service Pack Patches privilege escalation
[81685] Microsoft Windows Guest Account privilege escalation
[81284] Microsoft Windows up to Vista SP2 .NET Framework privilege escalation
[81283] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81282] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81281] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81280] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81279] Microsoft Windows up to Vista SP2 USB Mass Storage Class Driver privilege escalation
[81277] Microsoft Windows privilege escalation
[81276] Microsoft Windows up to Vista SP2 OLE privilege escalation
[81275] Microsoft Windows up to Vista SP2 OLE privilege escalation
[81271] Microsoft Windows 10 PDF Library privilege escalation
[81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library privilege escalation
[81269] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[81268] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[81267] Microsoft Windows up to Vista SP2 OpenType Font privilege escalation
[81266] Microsoft Windows up to Vista SP2 OpenType Font privilege escalation
[81265] Microsoft Windows Server 2008/Vista SP2 Library Loader privilege escalation
[80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80879] Microsoft Windows Network Policy Server RADIUS privilege escalation
[80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service privilege escalation
[80877] Microsoft Windows up to Vista SP2 Forms information disclosure
[80876] Microsoft Windows up to Vista SP2 .NET Framework privilege escalation
[80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80866] Microsoft Windows up to Vista SP2 DLL Loader privilege escalation
[80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader privilege escalation
[80864] Microsoft Windows up to Vista DLL Loader privilege escalation
[80863] Microsoft Windows up to Vista DLL Loader privilege escalation
[80861] Microsoft Windows up to Vista SP2 Journal memory corruption
[80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader privilege escalation
[80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
[80223] Microsoft Windows 10/1511 RDP Service 7PK Security Features
[80220] Microsoft Windows up to Vista SP2 DirectShow memory corruption
[80215] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[80214] Microsoft Windows up to Vista SP2 Graphics Device Interface GDI32.dll information disclosure
[80213] Microsoft Windows up to Vista SP2 Sandbox privilege escalation
[80212] Microsoft Windows up to Vista SP2 Sandbox privilege escalation
[79515] Microsoft Windows 10 Kernel privilege escalation
[79514] Microsoft Windows up to Vista Kernel privilege escalation
[79513] Microsoft Windows up to Vista Kernel privilege escalation
[79512] Microsoft Windows up to Vista Kernel privilege escalation
[79511] Microsoft Windows Vista/7/8/8.1 Media Center privilege escalation
[79510] Microsoft Windows Vista/7/8/8.1 Media Center information disclosure
[79509] Microsoft Windows up to Vista PGM race condition
[79508] Microsoft Windows up to Server 2012 R2 Library Loader privilege escalation
[79507] Microsoft Windows up to Vista Library Loader privilege escalation
[79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader privilege escalation
[79499] Microsoft Windows 7/Server 2008 R2 Uniscribe Numeric Error
[79495] Microsoft Windows up to Vista Graphics memory corruption
[79494] Microsoft Windows up to Vista Graphics memory corruption
[79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
[79492] Microsoft Windows DNS memory corruption
[79191] Microsoft Windows Journal memory corruption
[79184] Microsoft Windows up to Vista TLS Schannel privilege escalation
[79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
[79182] Microsoft Windows up to Vista Winsock privilege escalation
[79174] Microsoft Windows up to Vista Kernel 7PK Security Features
[79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
[79172] Microsoft Windows up to Vista Graphics privilege escalation
[79171] Microsoft Windows up to Vista Graphics privilege escalation
[79170] Microsoft Windows up to Vista Kernel information disclosure
[79169] Microsoft Windows up to Vista Kernel privilege escalation
[79168] Microsoft Windows up to Vista Kernel 7PK Security Features
[79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
[78364] Microsoft Windows 7 SP1/Vista SP2 Shell memory corruption
[78363] Microsoft Windows up to Vista SP2 Shell memory corruption
[77640] Microsoft Windows Active Directory Code
[77636] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77625] Microsoft Windows up to Vista SP2 Journal File Numeric Error
[77622] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77621] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77620] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77616] Microsoft Windows Vista SP2/7 SP1/8/8.1 Windows Media Center privilege escalation
[77613] Microsoft Windows up to Vista SP2 Adobe Type Manager Library atmfd.dll privilege escalation
[77042] Microsoft Windows up to Vista Filesystem privilege escalation
[77041] Microsoft Windows up to Vista Registry privilege escalation
[77040] Microsoft Windows up to Vista Object Manager privilege escalation
[77039] Microsoft Windows up to Vista WebDAV SSL weak encryption
[77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
[77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
[77035] Microsoft Windows up to Vista Server Message Block memory corruption
[77034] Microsoft Windows up to Vista Remote Desktop Session Host privilege escalation
[77033] Microsoft Windows up to Vista Remote Desktop Session Host privilege escalation
[77032] Microsoft Windows up to Vista XML Core Services weak encryption
[77031] Microsoft Windows up to Vista XML Core Services information disclosure
[77030] Microsoft Windows up to Vista XML Core Services weak encryption
[77029] Microsoft Windows up to Vista Shell Security Feature privilege escalation
[77028] Microsoft Windows up to Vista KMD Security Feature privilege escalation
[77027] Microsoft Windows up to Vista CSRSS privilege escalation
[77026] Microsoft Windows up to Vista ASLR information disclosure
[77025] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77024] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77023] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77022] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77021] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77020] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77019] Microsoft Windows up to Vista OpenType Font Parser Code
[77018] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77017] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77016] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77015] Microsoft Windows up to Vista OpenType Font Parser Data Processing Error
[76756] Microsoft Windows up to Vista SP2 Adobe Type Manager Library atmfd.dll memory corruption
[76493] Microsoft Windows up to Vista SP2 OLE privilege escalation
[76492] Microsoft Windows up to Vista SP2 OLE privilege escalation
[76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
[76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service Data Processing Error
[76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V 7PK Security Features
[76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
[75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
[75782] Microsoft Windows up to Vista Common Controls memory corruption
[75760] Microsoft Windows Media Player 10/11/12 DataObject Code
[75335] Microsoft Windows up to Vista SP2 Service Control Manager privilege escalation
[75328] Microsoft Windows up to Vista Management Console memory corruption
[75327] Microsoft Windows up to Vista SP2 Schannel weak encryption
[75304] Microsoft Windows up to Vista SP2 TrueType Font Parser Data Processing Error
[75303] Microsoft Windows up to Vista SP2 OpenType Font Parser information disclosure
[75285] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75284] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75283] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75282] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75281] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75280] Microsoft Windows up to Vista SP2 Journal privilege escalation
[74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V privilege escalation
[74840] Microsoft Windows up to Vista EMF File privilege escalation
[74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
[74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
[74104] Microsoft Windows up to Vista Digital Certificate weak authentication
[74022] Microsoft Windows up to Vista Certificate weak authentication
[73972] Microsoft Windows up to Vista SP2 PNG Parser information disclosure
[73963] Microsoft Windows up to Vista SP2 Photo Decoder information disclosure
[73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
[73960] Microsoft Windows Netlogon Service User 7PK Security Features
[73959] Microsoft Windows up to Vista SP2 DLL Data Processing Error
[73958] Microsoft Windows up to Vista SP2 Text Services Data Processing Error
[73957] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73956] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73955] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73954] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73953] Microsoft Windows up to Vista Adobe Font Driver information disclosure
[73952] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73951] Microsoft Windows up to Vista Adobe Font Driver information disclosure
[73950] Microsoft Windows up to Vista Adobe Font Driver memory corruption
[73938] Microsoft Windows VBScript Scripting Engine denial of service
[69258] Microsoft Windows up to Vista Secure Channel FREAK weak encryption
[69161] Microsoft Windows up to Vista information disclosure
[69160] Microsoft Windows up to Server 2012 Process privilege escalation
[69159] Microsoft Windows up to Vista Group Policy 7PK Security Features
[69154] Microsoft Windows up to Vista Group Policy weak authentication
[69153] Microsoft Windows up to Vista Font Mapper win32k.sys privilege escalation
[69152] Microsoft Windows up to Vista True Type Font win32k.sys privilege escalation
[69151] Microsoft Windows up to Vista Kernel-Mode Driver win32k.sys memory corruption
[69150] Microsoft Windows up to Vista win32k.sys privilege escalation
[69149] Microsoft Windows up to Vista Cryptography Next Generation cng.sys information disclosure
[69148] Microsoft Windows up to Vista Win32k.sys privilege escalation
[68596] Microsoft Windows Internet Authentication Service denial of service
[68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
[68590] Microsoft Windows up to Vista TS WebProxy directory traversal
[68589] Microsoft Windows up to Vista Telnet Server memory corruption
[66827] Microsoft Windows Media Player 11.0.5721.5230 memory corruption
[66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control privilege escalation
[65723] Microsoft Windows Authenticode WinVerifyTrust privilege escalation
[62913] Microsoft Windows up to XP SP3 Shell Numeric Error
[61648] Microsoft Windows XP privilege escalation
[60245] Microsoft Windows unknown vulnerability
[60209] Microsoft Windows msvcrt.dll memory corruption
[60065] Microsoft Windows 2000 mod_sql information disclosure
[59391] Microsoft Windows memory corruption
[59006] Microsoft Windows Media Center TV Pack memory corruption
[59004] Microsoft Windows memory corruption
[58991] Microsoft Windows XP memory corruption
[58238] Microsoft Windows Data Access Components memory corruption
[58236] Microsoft Windows TCP/IP Stack denial of service
[57812] Microsoft Windows XP lots-of-polys-example.html privilege escalation
[57692] Microsoft Windows XP denial of service
[57085] Microsoft Windows msgsc.dll memory corruption
[57080] Microsoft Windows privilege escalation
[57014] Microsoft Windows Default Configuration
[56779] Microsoft Windows Stream Buffer Engine SBE.dll privilege escalation
[56598] Microsoft Windows Azure Sdk up to 1.2 privilege escalation
[56383] Microsoft Windows privilege escalation
[56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
[55937] Microsoft Windows XP denial of service
[55777] Microsoft Windows Movie Maker 2.6 memory corruption
[55776] Microsoft Windows memory corruption
[55775] Microsoft Windows Media Encoder 9 memory corruption
[54982] Microsoft Windows 7/Vista SP2 denial of service
[54981] Microsoft Windows R2 privilege escalation
[54718] Microsoft Windows up to XP SP3 Print Spooler EmeraldThread privilege escalation
[54717] Microsoft Windows privilege escalation
[54555] Microsoft Windows 6.00.2900.5512 wab.exe memory corruption
[54553] Microsoft Windows sdclt.exe weak encryption
[54552] Microsoft Windows smmscrpt.dll memory corruption
[54551] Microsoft Windows contact memory corruption
[54342] Microsoft Windows privilege escalation
[54341] Microsoft Windows Movie Maker 2.1 privilege escalation
[54334] Microsoft Windows privilege escalation
[54333] Microsoft Windows denial of service
[54332] Microsoft Windows privilege escalation
[53591] Microsoft Windows Server 2003 GetServerName cross site scripting
[53511] Microsoft Windows privilege escalation
[53207] Microsoft Windows Graphics Driver cdd.dll Numeric Error
[53104] Microsoft Windows smtpsvc.dll privilege escalation
[53103] Microsoft Windows smtpsvc.dll weak encryption
[52780] Microsoft Windows cabview.dll privilege escalation
[52776] Microsoft Windows SMB Client denial of service
[52775] Microsoft Windows denial of service
[52774] Microsoft Windows SMB Client privilege escalation
[52753] Microsoft Windows information disclosure
[52336] Microsoft Windows denial of service
[52283] Microsoft Windows Media Player 11.0.5721.5145 memory corruption
[52036] Microsoft Windows 2000 MsgBox memory corruption
[51997] Microsoft Windows Media Player 9 memory corruption
[51811] Microsoft Windows max3activex.dll privilege escalation
[51809] Microsoft Windows denial of service
[51808] Microsoft Windows privilege escalation
[51807] Microsoft Windows privilege escalation
[51806] Microsoft Windows privilege escalation
[51804] Microsoft Windows weak encryption
[51803] Microsoft Windows denial of service
[51796] Microsoft Windows privilege escalation
[51795] Microsoft Windows race condition
[51794] Microsoft Windows privilege escalation
[51793] Microsoft Windows race condition
[51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
[51135] Microsoft Windows ir32_32.dll memory corruption
[51134] Microsoft Windows privilege escalation
[51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 privilege escalation
[51132] Microsoft Windows memory corruption
[51128] Microsoft Windows privilege escalation
[51078] Microsoft Windows denial of service
[51077] Microsoft Windows privilege escalation
[51076] Microsoft Windows denial of service
[51075] Microsoft Windows privilege escalation
[51073] Microsoft Windows weak authentication
[50811] Microsoft Windows denial of service
[50786] Microsoft Windows 2000 llssrv.exe memory corruption
[50785] Microsoft Windows privilege escalation
[50783] Microsoft Windows privilege escalation
[50451] Microsoft Windows GDI+ Numeric Error
[50449] Microsoft Windows EducatedScholar privilege escalation
[50448] Microsoft Windows privilege escalation
[50447] Microsoft Windows privilege escalation
[50446] Microsoft Windows Media Player 6.4 memory corruption
[50445] Microsoft Windows EducatedScholar denial of service
[50444] Microsoft Windows Local Security Authority Subsystem Service Numeric Error
[50439] Microsoft Windows Numeric Error
[50438] Microsoft Windows weak encryption
[50431] Microsoft Windows privilege escalation
[50430] Microsoft Windows privilege escalation
[50429] Microsoft Windows privilege escalation
[49866] Microsoft Windows Server 2003 privilege escalation
[49745] Microsoft Windows Server 2003 denial of service
[49434] Microsoft Windows 7 denial of service
[49394] Microsoft Windows Server 2003 privilege escalation
[49393] Microsoft Windows privilege escalation
[49392] Microsoft Windows memory corruption
[49391] Microsoft Windows Avifil32.dll Numeric Error
[49046] Microsoft Windows Server 2003 quartz.dll privilege escalation
[49045] Microsoft Windows Server 2003 quartz.dll privilege escalation
[48894] Microsoft Windows Server 2003 msvidctl.dll privilege escalation
[48517] Microsoft Windows 2000 denial of service
[48516] Microsoft Windows Server 2008 privilege escalation
[48513] Microsoft Windows Search 4.0 cross site scripting
[48512] Microsoft Windows Server 2008 privilege escalation
[48033] Microsoft Windows XP denial of service
[47804] Microsoft Windows Media Player 11.0.5721.5260 Numeric Error
[47719] Microsoft Windows 2000 memory corruption
[47717] Microsoft Windows privilege escalation
[47715] Microsoft Windows 2000 Wordpad memory corruption
[47465] Microsoft Windows GDI+ gdiplus.dll GpFont::SetData Numeric Error
[47464] Microsoft Windows unlzh.c memory corruption
[47091] Microsoft Windows Server 2008 privilege escalation
[47090] Microsoft Windows Server 2008 privilege escalation
[47089] Microsoft Windows weak authentication
[46637] Microsoft Windows DNS Server denial of service
[46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe privilege escalation
[46007] Microsoft Windows Mobile 6.0 FTP Service directory traversal
[45911] Microsoft Windows Domain Controller privilege escalation
[45907] Microsoft Windows XP chm memory corruption
[45905] Microsoft Windows privilege escalation
[45904] Microsoft Windows memory corruption
[45763] Microsoft Windows Live Messenger up to 8.5.1 information disclosure
[45676] Microsoft Windows Media Player 9 quartz.dll Numeric Error
[45381] Microsoft Windows Server 2008/Vista SP1 Explorer denial of service
[45380] Microsoft Windows Server 2008/Vista SP1 Search denial of service
[45378] Microsoft Windows Media Player up to 6.4 information disclosure
[45377] Microsoft Windows Media Format Runtime up to 9.5 privilege escalation
[45197] Microsoft Windows 2000 nskey.dll memory corruption
[45129] Microsoft Windows Live Messenger denial of service
[45063] Microsoft Windows Server 2003 Active Directory information disclosure
[44860] Microsoft Windows Media Player up to 9 privilege escalation
[44533] Microsoft Windows 2000 mqsvc.exe privilege escalation
[44249] Microsoft Windows XP SP3 gdiplus.dll Numeric Error
[44246] Microsoft Windows XP SP3 denial of service
[44227] Microsoft Windows Mobile 6.0 Bluetooth privilege escalation
[44069] Microsoft Windows denial of service
[43982] Microsoft Windows Image Acquisition Logger ActiveX Control privilege escalation
[43953] Microsoft Windows ActiveX Control wmex.dll memory corruption
[43676] Microsoft Windows 2000/Server 2003/Vista/XP privilege escalation
[43675] Microsoft Windows 2000/Server 2003/Vista/XP of privilege escalation
[43659] Microsoft Windows Messenger 5.1 ActiveX Control information disclosure
[43658] Microsoft Windows XP SP2 nslookup.exe privilege escalation
[43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS unknown vulnerability
[42732] Microsoft Windows Server 2003/Vista/XP privilege escalation
[42731] Microsoft Windows Server 2003 privilege escalation
[42638] Microsoft Windows Installer 3.1.4000.1823 ActiveX Control msiexec.exe memory corruption
[42328] Microsoft Windows Live Onecare 1.1.3520.0 Malware Protection Engine mpengine.dll denial of service
[42327] Microsoft Windows Live Onecare 1.1.3520.0 Malware Protection Engine mpengine.dll denial of service
[41879] Microsoft Windows 2000/Server 2003/Vista memory corruption
[41878] Microsoft Windows 2000/Server 2003/Vista weak authentication
[41877] Microsoft Windows Server 2003 vbscript.dll privilege escalation
[41656] Microsoft Windows privilege escalation
[40987] Microsoft Windows 2000 privilege escalation
[40986] Microsoft Windows Vista denial of service
[40416] Microsoft Windows XP memory corruption
[39937] Microsoft Windows Media Player 11 Numeric Error
[39769] Microsoft Windows 2000 cryptgenrandom information disclosure
[39749] Microsoft Windows 2000 msjet40.dll memory corruption
[39655] Microsoft Windows Server 2003 Configuration
[39324] Microsoft Windows Mobile 2005 SMS privilege escalation
[39013] Microsoft Windows XP explorer.exe memory corruption
[39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
[38999] Microsoft Windows Server 2003 explorer.exe denial of service
[38962] Microsoft Windows Media Player 9 privilege escalation
[38332] Microsoft Windows Gadgets memory corruption
[38329] Microsoft Windows cross site scripting
[38328] Microsoft Windows memory corruption
[38326] Microsoft Windows 2000 attemptwrite Numeric Error
[38272] Microsoft Windows Media Player 11 wmplayer.exe denial of service
[38246] Microsoft Windows denial of service
[37736] Microsoft Windows Vista unknown vulnerability
[37526] Microsoft Windows 2000/Server 2003 denial of service
[37251] Microsoft Windows 2000 memory corruption
[37157] Microsoft Windows XP Graphics Device Interface gdiplus.dll denial of service
[37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
[36515] Microsoft Windows 2000/Server 2003/XP memory corruption
[36086] Microsoft Windows XP SP1 BMP Image Integer Coercion Error
[36052] Microsoft Windows 2000 memory corruption
[36002] Microsoft Windows 2000/XP denial of service
[35900] Microsoft Windows up to Vista GDI memory corruption
[35846] Microsoft Windows 2000/Server 2003 Default Configuration
[35822] Microsoft Windows Proxy Server denial of service
[35708] Microsoft Windows Vista Teredo Address privilege escalation
[35707] Microsoft Windows Vista Meeting Space dfsr.exe unknown vulnerability
[35706] Microsoft Windows Vista weak authentication
[35705] Microsoft Windows Vista weak authentication
[35704] Microsoft Windows Vista/XP ARP denial of service
[35703] Microsoft Windows Vista LLTD Mapper denial of service
[35702] Microsoft Windows Vista LLTD Responder weak authentication
[35701] Microsoft Windows Vista LLTD Mapper weak authentication
[35700] Microsoft Windows Vista LLTD Mapper weak authentication
[35654] Microsoft Windows XP winmm.dll mmioread denial of service
[35514] Microsoft Windows Explorer ole32.dll memory corruption
[35206] Microsoft Windows Server 2003/XP denial of service
[34994] Microsoft Windows 2000 OLE Dialog memory corruption
[34967] Microsoft Windows Mobile 5.0 denial of service
[34804] Microsoft Windows Mobile 5.0 memory corruption
[34794] Microsoft Windows Vista Speech Recognition sapi.dll privilege escalation
[34793] Microsoft Windows Mobile 5.0 denial of service
[34690] Microsoft Windows Explorer 6.0.2900.2180 explorer.exe denial of service
[34207] Microsoft Windows Mobile Pocket PC Bluetooth Stack unknown vulnerability
[34206] Microsoft Windows Bluetooth Stack unknown vulnerability
[34038] Microsoft Windows Event Viewer eventvwr.exe unknown vulnerability
[33890] Microsoft Windows XP SP2 Explorer explorer.exe denial of service
[33889] Microsoft Windows Media Player 10.00.00.4036 denial of service
[33795] Microsoft Windows Media Player 6.4 memory corruption
[33589] Microsoft Windows Live Messenger up to 8.0 denial of service
[32899] Microsoft Windows Digital Rights Management drmstor.dll storelicense memory corruption
[32694] Microsoft Windows 2000 privilege escalation
[31797] Microsoft Windows File Viewer winhlp32.exe memory corruption
[31736] Microsoft Windows XP gdiplus.dll denial of service
[31521] Microsoft Windows NT 4.0/2000/XP IP Stack denial of service
[31236] Microsoft Windows information disclosure
[31133] Microsoft Windows Server 2003/XP explorer.exe memory corruption
[31024] Microsoft Windows Live Messenger 8.0 memory corruption
[30801] Microsoft Windows up to 2000 Connection Manager memory corruption
[30799] Microsoft Windows 98/ME Rendering Engine polypolygon Numeric Error
[30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator denial of service
[29471] Microsoft Windows Help winhlp32.exe memory corruption
[29383] Microsoft Windows XP unknown vulnerability
[28987] Microsoft Windows NT 4.0/2000/Server 2003 Default Configuration denial of service
[28452] Microsoft Windows 2000/Server 2003/XP unknown vulnerability
[28254] Microsoft Windows 2000 Rendering Engine extescape denial of service
[27519] Microsoft Windows Server 2003/XP mshtml.dll denial of service
[27224] Microsoft Windows up to 1999 denial of service
[27160] Microsoft Windows 2000/XP Rendering Engine gdi32.dll memory corruption
[26923] Microsoft Windows XP Administrator Account unknown vulnerability
[26618] Microsoft Windows 2000/XP Subsystem memory corruption
[26535] Microsoft Windows Distributed Transaction Coordinator msdtcprx.dll ndrallocate privilege escalation
[26534] Microsoft Windows denial of service
[26523] Microsoft Windows 95/98/ME/NT 4.0 Terminal Service unknown vulnerability
[26519] Microsoft Windows 95/98/ME/NT 4.0 Chart widechartomultibyte memory corruption
[26517] Microsoft Windows 95/98/ME/NT 4.0 Certificates unknown vulnerability
[26516] Microsoft Windows 95/98/ME/NT 4.0 Active Directory unknown vulnerability
[26515] Microsoft Windows 95/98/ME/NT 4.0 Access Control List unknown vulnerability
[25708] Microsoft Windows unknown vulnerability
[25515] Microsoft Windows orun32.exe memory corruption
[25513] Microsoft Windows XP Services for UNIX unknown vulnerability
[25509] Microsoft Windows msasn1.dll memory corruption
[25400] Microsoft Windows 98SE user32.dll denial of service
[25399] Microsoft Windows XP denial of service
[25256] Microsoft Windows XP denial of service
[25185] Microsoft Windows Media Player ME unknown vulnerability
[24907] Microsoft Windows 2000 TCP/IP Stack denial of service
[24746] Microsoft Windows 2000/ME Explorer denial of service
[24283] Microsoft Windows 2000/Server 2003/XP memory corruption
[24252] Microsoft Windows 2000/NT memory corruption
[23410] Microsoft Windows XP Utility Manager denial of service
[22675] Microsoft Windows winhlp32.exe memory corruption
[22602] Microsoft Windows 2000/NT BASE winhlp32.exe memory corruption
[22560] Microsoft Windows Media Player 9.0 getiteminfobyatom unknown vulnerability
[68403] Microsoft Windows up to Vista information disclosure
[68239] Microsoft Windows up to Vista Kerberos KDC EsikmoRoll privilege escalation
[68196] Microsoft Windows up to Vista TrueType Array Index denial of service
[68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor privilege escalation
[68192] Microsoft Windows up to Vista Remote Desktop Protocol weak authentication
[68190] Microsoft Windows up to Vista Audio Service privilege escalation
[68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack privilege escalation
[68184] Microsoft Windows up to Vista privilege escalation
[68183] Microsoft Windows up to Vista Schannel privilege escalation
[68165] Microsoft Windows up to XP OLE Automation Array OleAut32.dll SafeArrayDimen privilege escalation
[68045] Microsoft Windows up to Vista SP2 OLE privilege escalation
[67827] Microsoft Windows up to Vista win32k.sys privilege escalation
[67826] Microsoft Windows up to Vista TrueType Font win32k.sys privilege escalation
[67822] Microsoft Windows up to Vista OLE Object Packager packager.dll privilege escalation
[67806] Microsoft Windows up to Vista TrueType Font privilege escalation
[67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call denial of service
[67326] Microsoft Windows Media Center MCPlayer.dll CSyncBasePlayer denial of service
[67030] Microsoft Windows up to Vista Certificates weak authentication
[67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus denial of service
[66987] Microsoft Windows up to Vista Journal Parser privilege escalation
[22011] Microsoft Windows Server 2003 idirectplay4 API denial of service
[21967] Microsoft Windows 2000/ME Media Player cross site scripting
[21926] Microsoft Windows XP Help Center HelpCtr.exe unknown vulnerability
[21899] Microsoft Windows Server 2003/XP Help/Support Center dvdupgrd.htm memory corruption
[21876] Microsoft Windows 98/2000/Server 2003/XP H.323 memory corruption
[21873] Microsoft Windows ME/XP/NT 4.0/2000/Server 2003 memory corruption
[21751] Microsoft Windows Media Services 4.1 TCP/IP Packet denial of service
[21548] Microsoft Windows Media Player 9/ME PNG Image memory corruption
[21476] Microsoft Windows 2000 Message Queue Manager memory corruption
[21448] Microsoft Windows up to 2000 SP3/XP Terminal Service msgina.dll denial of service
[21095] Microsoft Windows up to 2000 SP3 SMTP Service denial of service
[20978] Microsoft Windows Server 2003 Shell Link directory traversal
[20961] Microsoft Windows up to 2000 SP4 Troubleshooter ActiveX Control Tshoot.ocx RunQuery2 memory corruption
[20960] Microsoft Windows up to Server 2003 Authenticode privilege escalation
[20815] Microsoft Windows Distributed Component Object Model Interface memory corruption
[20770] Microsoft Windows Media Player 7/8 IFRAME Tag privilege escalation
[20662] Microsoft Windows up to 2000 SP3 shell32.dll ShellExecute memory corruption
[20485] Microsoft Windows NT 4.0/2000 Media Services nsiislog.dll memory corruption
[20213] Microsoft Windows 2000 Script Engine for JScript JScript.dll JsArrayFunctionHeapSort Integer Coercion Error
[20182] Microsoft Windows ME Help/Support Center cross site scripting
[20108] Microsoft Windows NT 4.0/2000/XP Terminal Server memory corruption
[19970] Microsoft Windows 2000 Active Directory privilege escalation
[19759] Microsoft Windows XP ISAKMP Service denial of service
[19719] Microsoft Windows up to 2000 SP2 DCOM Client information disclosure
[19574] Microsoft Windows 2000/XP Log Size denial of service
[19490] Microsoft Windows Media Player up to 7.1 MP3 File Name mplay32.exe memory corruption
[19355] Microsoft Windows 2000 TCP Packet denial of service
[19315] Microsoft Windows XP Internet Explorer 6.0 privilege escalation
[19261] Microsoft Windows XP Shell memory corruption
[19231] Microsoft Windows XP Domain Controller unknown vulnerability
[19194] Microsoft Windows 98/NT 4.0 Certificate weak authentication
[19105] Microsoft Windows 2000/XP PPTP Service memory corruption
[19082] Microsoft Windows 2000 SP2 SNMP LAN Manager denial of service
[19061] Microsoft Windows 98/ME/XP ZIP Archive privilege escalation
[19054] Microsoft Windows 2000/XP RDP denial of service
[19053] Microsoft Windows 2000/XP RDP weak encryption
[19043] Microsoft Windows NT 4.0/2000/XP CHM File memory corruption
[19042] Microsoft Windows NT 4.0/2000/XP HTML Help ActiveX Control hhctrl.ocx alink memory corruption
[18814] Microsoft Windows 98/98SE/ME/XP Crypto API weak authentication
[18810] Microsoft Windows up to XP Certificate Enrollment ActiveX Control unknown vulnerability
[18782] Microsoft Windows XP Help/Support Center uplddrvinfo.htm File denial of service
[18772] Microsoft Windows NT 4.0/2000 SMB memory corruption
[18709] Microsoft Windows HTML Help ActiveX Control Winhlp32.exe memory corruption
[18537] Microsoft Outlook 2002 Windows Media Player player.launchurl cross site scripting
[18464] Microsoft Windows 2000 Terminal Server privilege escalation
[18395] Microsoft Windows Media Player 7.1 information disclosure
[18351] Microsoft Windows Media Player 6.4/7.1 WMA Media File privilege escalation
[18325] Microsoft Windows Media Player 8.00.00.4477 WMF File privilege escalation
[18276] Microsoft Windows 2000 LANMAN Service denial of service
[18214] Microsoft Windows XP TCP SYN denial of service
[18130] Microsoft Windows 2000 denial of service
[17973] Microsoft Windows 2000 Shell memory corruption
[17960] Microsoft Windows 2000/XP SMTP Service denial of service
[17959] Microsoft Windows 2000 SMTP Service privilege escalation
[17958] Microsoft Windows up to XP SNMP Agent Service memory corruption
[17947] Microsoft Windows 2000 Telnet Server memory corruption
[17946] Microsoft Windows 2000/NT Authorization weak authentication
[17890] Microsoft Windows XP Remote Desktop Client weak encryption
[17871] Microsoft Windows ME SSDP Service ssdpsrv.exe denial of service
[17834] Microsoft Windows 2000 NTFS privilege escalation
[17761] Microsoft Windows 98/98SE/ME/XP UPnP denial of service
[17760] Microsoft Windows 98/98SE/ME/XP UPnP memory corruption
[17728] Microsoft Windows 2000 IKE denial of service
[17718] Microsoft Windows 2000/XP Network Address Translation weak authentication
[17660] Microsoft Windows 98/98SE/ME/XP UPnP denial of service
[17658] Microsoft Windows Media Player up to 7.1 ASF File memory corruption
[17655] Microsoft Windows NT 4.0/2000 Terminal Server denial of service
[17608] Microsoft Windows XP Help Center helpctr.exe memory corruption
[17567] Microsoft Windows NT 4.0/2000 Terminal Server denial of service
[17389] Microsoft Windows 2000 IrDA Driver memory corruption
[17373] Microsoft Windows NT 4.0/2000 NNTP Service denial of service
[17372] Microsoft Windows Media Player 6.4/7.0/7.1 NSC File memory corruption
[17310] Microsoft Windows NT 4.0/2000 DNS Server weak authentication
[17266] Microsoft Windows NT 4.0 LsaQueryInformationPolicy information disclosure
[17147] Microsoft Windows 2000 SMTP Service privilege escalation
[17099] Microsoft Windows 98/98SE ARP denial of service
[17056] Microsoft Windows 2000 Telnet Service denial of service
[17055] Microsoft Windows 2000 Telnet Domain User information disclosure
[17054] Microsoft Windows 2000 Telnet Service denial of service
[17053] Microsoft Windows 2000 Telnet Session denial of service
[17051] Microsoft Windows NT 4.0/2000 Visual Studio RAD fp30reg.dll memory corruption
[17049] Microsoft Windows 2000 Message Request denial of service
[16826] Microsoft Windows Media Player 6.4/7.0 Shortcut privilege escalation
[16825] Microsoft Windows Media Player 6.3/6.4/7.0 ASX File memory corruption
[16824] Microsoft Windows 2000 Internet Printing ISAPI Extension msw3prt.dll memory corruption
[16822] Microsoft Windows 2000 Kerberos denial of service
[16706] Microsoft Windows Media Player 7 WMP ActiveX Control privilege escalation
[16677] Microsoft Windows 98/2000 Java Applet denial of service
[16600] Microsoft Windows 2000 Event Viewer memory corruption
[16540] Microsoft Windows Media Player 7 Skin skin.wmz privilege escalation
[16510] Microsoft Windows NT 4.0 PPTP Server denial of service
[16457] Microsoft Windows NT 4.0 MTS Package Registry privilege escalation
[16417] Microsoft Windows Media Services 4.0/4.1 Unicast Service denial of service
[16381] Microsoft Windows 2000 RDP denial of service
[16370] Microsoft Windows 2000/ME Web Extender Client privilege escalation
[16305] Microsoft Windows NT 4.0 Terminal Server RegAPI.DLL memory corruption
[16269] Microsoft Windows Media Player 6.4/7.0 ASX File memory corruption
[16267] Microsoft Windows 2000 Telnet Service denial of service
[16238] Microsoft Windows 95/98/98SE/NT 4.0 TCP Connection denial of service
[16232] Microsoft Windows CE 3.0.9348 Initial Sequence Number weak authentication
[16212] Microsoft Windows NT 4.0/2000 SMBnegprots Request denial of service
[16191] Microsoft Windows 95/98/98SE/ME NMPI Listener denial of service
[16190] Microsoft Windows 95/98/98SE/ME File/Print Sharing Service weak authentication
[16140] Microsoft Windows Media Player 7 OCX Control denial of service
[16098] Microsoft Windows NT 4.0 Cenroll ActiveX Control xenroll.dll denial of service
[16055] Microsoft Windows 2000 System Monitor ActiveX Control memory corruption
[16024] Microsoft Windows 95/98/98SE NetBIOS Client denial of service
[15985] Microsoft Windows up to XP Office 2000 File riched20.dll privilege escalation
[15980] Microsoft Windows Media Services 4.0/4.1 Unicast Service denial of service
[15965] Microsoft Windows 2000 NTLM Authentication telnet.exe privilege escalation
[15884] Microsoft Windows 95/98 IPX Packet denial of service
[15805] Microsoft Windows 95/98/NT 4.0/2000 NetBIOS weak authentication
[15802] Microsoft Windows NT 4.0/2000 NetBIOS Name Server denial of service
[15726] Microsoft Windows 2000 Telnet Server denial of service
[15725] Microsoft Windows 2000 Port denial of service
[15722] Microsoft Windows 95/98/NT 4.0 ARP Table weak authentication
[15644] Microsoft Windows NT 4.0 Remote Registry Request denial of service
[15607] Microsoft Windows Media Services 4.0/4.1 Encoder Request denial of service
[15593] Microsoft Windows 95/98/NT 4.0/2000 CIFS Computer Browser denial of service
[15592] Microsoft Windows NT 4.0 CIFS Computer Browser denial of service
[15575] Microsoft Windows 95/98/NT 4.0/2000 IP Fragmentation Jolt2 denial of service
[15554] Microsoft Windows NT 4.0 Service Control Manager denial of service
[15512] Microsoft Windows 95/98 NetBIOS denial of service
[15475] Microsoft Windows NT 4.0/2000 cmd.exe memory corruption
[15455] Microsoft Windows 98/XP/NT 4.0/2000 Domain Name Resolver weak authentication
[15397] Microsoft Windows Media Rights Manager 4.0/4.1 denial of service
[15341] Microsoft Windows Media Services 4.0/4.1 Handshake denial of service
[15325] Microsoft Windows 2000 Share weak authentication
[15188] Microsoft Windows NT 3.5/4.0 RSH Service Utility .rhosts privilege escalation
[15177] Microsoft Windows NT 4.0/2000 Policy privilege escalation
[15160] Microsoft Windows NT 4.0 SP2 Password Complexity passfilt.dll weak authentication
[15147] Microsoft Windows NT 4.0 Netbt.sys denial of service
[15142] Microsoft Windows NT 4.0 ICMP Subnet Mask denial of service
[15140] Microsoft Windows NT 4.0 Routing Information Field denial of service
[15135] Microsoft Windows 95 Remote Administration privilege escalation
[15122] Microsoft Windows NT 4.0 SNMP Agent denial of service
[15066] Microsoft Windows NT 4.0 Local Security Authority Subsystem LsaLookupSids privilege escalation
[15065] Microsoft Windows NT 4.0 Keystream privilege escalation
[15011] Microsoft Windows NT 4.0/2000 NTMail privilege escalation
[15003] Microsoft Windows 95/98 Credential privilege escalation
[14987] Microsoft Windows NT System Policy weak authentication
[14986] Microsoft Windows 98/NT 4.0/2000 Wordpad memory corruption
[14976] Microsoft Windows Media Player ActiveX Control File information disclosure
[14974] Microsoft Windows 95/98 Network privilege escalation
[14921] Microsoft Windows NT 4.0 LSA lsass.exe denial of service
[14849] Microsoft Windows 98/NT 4.0 IP Source Routing privilege escalation
[14848] Microsoft Windows NT 4.0 RASMAN Configuration
[14800] Microsoft Windows NT 4.0 TCP Initial Sequence Number weak authentication
[14778] Microsoft Windows 95/98 Telnet Client memory corruption
[14767] Microsoft Windows NT 4.0 Terminal Server weak authentication
[14740] Microsoft Windows NT 4.0 Messenger Service denial of service
[14733] Microsoft Windows NT 4.0/2000 Local Security Authority Subsystem privilege escalation
[14719] Microsoft Windows NT 4.0 IOCTL privilege escalation
[14718] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 IGMP Header privilege escalation
[14710] Microsoft Windows NT 4.0 Image Header privilege escalation
[14709] Microsoft Windows NT 3.51/NT 4.0 RAS/PPTP denial of service
[14697] Microsoft Windows NT 4.0 CSRSS Worker Thread denial of service
[14669] Microsoft Windows NT 4.0 RRAS/RAS Client privilege escalation
[14608] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 ARP Packet denial of service
[14560] Microsoft Windows 95/98/NT 4.0 ICMP Redirect Message denial of service
[14489] Microsoft Windows NT 4.0 SP4 NT Hash Value weak authentication
[14487] Microsoft Windows 95/98 TCP/IP Chorus denial of service
[14461] Microsoft Windows 98 Packet denial of service
[14454] Microsoft Windows NT 4.0 Beta Share privilege escalation
[14443] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 SMB Authentication weak authentication
[14429] Microsoft Windows NT Registry Key Value privilege escalation
[14428] Microsoft Windows NT Registry Key Permission privilege escalation
[14423] Microsoft Windows 2000/NT PDC/BDC privilege escalation
[14418] Microsoft Windows 2000/NT OS/2/POSIX Subsystem privilege escalation
[14394] Microsoft Windows 2000/NT NT Alerter privilege escalation
[14379] Microsoft Windows NT Registry Key privilege escalation
[14378] Microsoft Windows NT 4.0/2000 User Group privilege escalation
[14371] Microsoft Windows up to XP Log File Size unknown vulnerability
[14370] Microsoft Windows up to XP Removable Media privilege escalation
[14368] Microsoft Windows up to XP Logon Box Username information disclosure
[14367] Microsoft Windows up to XP Eventlog privilege escalation
[14366] Microsoft Windows up to XP Registry Key privilege escalation
[14362] Microsoft Windows 95/98/ME/NT File System privilege escalation
[14361] Microsoft Windows NT 4.0/2000 Relationship privilege escalation
[14360] Microsoft Windows up to XP Registry privilege escalation
[14359] Microsoft Windows up to XP Registry privilege escalation
[14358] Microsoft Windows up to XP Registry Audit Policy privilege escalation
[14356] Microsoft Windows up to XP File Audit Policy privilege escalation
[14354] Microsoft Windows NT Password Filter PASSFILT.DLL weak authentication
[14348] Microsoft Windows NT Directory privilege escalation
[14311] Microsoft Windows NT Web Server information disclosure
[14310] Microsoft Windows NT 4.0 Ressource Kit denial of service
[14301] Microsoft Windows NT IP Fragmentation Data Processing Error
[14298] Microsoft Windows NT 3.51/NT 4.0 WFTP Server Guest weak authentication
[14238] Microsoft Windows 95/NT 4.0 TCP Packet weak authentication
[14197] Microsoft Windows NT 4.0 WINS denial of service
[14128] Microsoft Windows NT 3.51/NT 4.0 WINS Coke denial of service
[14077] Microsoft Windows NT 4.0 SMB Logon denial of service
[14076] Microsoft Windows 95/NT 4.0 IP Fragmentation Bonk denial of service
[14042] Microsoft Windows NT 4.0 SNMP Agent snmp.exe denial of service
[14041] Microsoft Windows 95/NT 4.0 TCP SYN Teardrop2 denial of service
[14040] Microsoft Windows 95/NT 3.51/NT 4.0 TCP SYN Teardrop denial of service
[14031] Microsoft Windows 95/NT 4.0 TCP SYN Country denial of service
[13992] Microsoft Windows WINS denial of service
[13940] Microsoft Windows up to NT 4.0 SP2 IP Fragmentation privilege escalation
[13924] Microsoft Windows up to NT 4.0 NetBIOS WinNuke denial of service
[13911] Microsoft Windows NT 4.0 DNS Server denial of service
[13873] Microsoft Windows 4.0 SMB Mount denial of service
[13871] Microsoft Windows NT 4.0 Winpopup denial of service
[13834] Microsoft Windows NT 4.0/2000 Account Policy weak authentication
[13833] Microsoft Windows NT 4.0 File Audit Policy privilege escalation
[13832] Microsoft Windows NT 4.0 Audit Policy privilege escalation
[13831] Microsoft Windows NT 4.0/2000 REG Files privilege escalation
[13830] Microsoft Windows NT 4.0/2000 Registry privilege escalation
[13828] Microsoft Windows NT 4.0/2000 Account Policy privilege escalation
[13826] Microsoft Windows Traceroute privilege escalation
[13824] Microsoft Windows 95/NT 4.0/2000 NetBIOS/SMB Share weak authentication
[13823] Microsoft Windows 95 NetBIOS/SMB Share weak authentication
[13821] Microsoft Windows NT 4.0/2000 IP Forwarding privilege escalation
[13819] Microsoft Windows NT 4.0/2000 Password Authentication weak authentication
[13817] Microsoft Windows NT 4.0/2000 SNMP Registry Key information disclosure
[13815] Microsoft Windows 95/NT 4.0 ICMP Jolt denial of service
[13814] Microsoft Windows NT 4.0 DNS Server denial of service
[13802] Microsoft Windows 95/NT 3.51 Samba Share Code
[13695] Microsoft Windows NT 4.0 TCP Sequence Number weak authentication
[13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
[13548] Microsoft Windows up to Vista TCP/IP Packet privilege escalation
[13546] Microsoft Windows up to Vista XML Core Services privilege escalation
[13544] Microsoft Windows up to Vista GDI+ privilege escalation
[13543] Microsoft Windows up to Vista Unicode Script Processor usp10.dll memory corruption
[13397] Microsoft Windows 2000/Server 2003/XP DHCP Response weak authentication
[13234] Microsoft Windows iSCSI Packets privilege escalation
[13233] Microsoft Windows iSCSI Packets privilege escalation
[12853] Microsoft Windows up to XP SP3 Batch File CreateProcess privilege escalation
[12711] Microsoft Windows Media Player 11.0.5721.5230 WAV File memory corruption
[12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager privilege escalation
[12526] Microsoft Windows up to XP DirectShow denial of service
[12264] Microsoft Windows up to XP XML Core Services privilege escalation
[12263] Microsoft Windows up to Server 2012 Direct2D memory corruption
[12238] Microsoft Windows 8/RT/Server 2012 IPv6 privilege escalation
[11673] Microsoft Windows Live Movie Maker 2011 WAV File privilege escalation
[11456] Microsoft Windows up to XP Scripting Runtime Object Library denial of service
[11167] Microsoft Windows up to XP DirectAcccess Server privilege escalation
[11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value privilege escalation
[11147] Microsoft Windows up to XP X.509 Certificate Processor Crypt32.dll/Wcrypt32.dll privilege escalation
[11145] Microsoft Windows up to XP Graphics Device Interface Numeric Error
[11081] Microsoft Windows Server 2008/Vista TIFF Image privilege escalation
[11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
[10641] Microsoft Windows up to XP Comctl32.dll DSA_InsertItem denial of service
[10638] Microsoft Windows up to XP TrueType Font privilege escalation
[10632] Microsoft Windows up to XP OpenType Font privilege escalation
[10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
[10191] Microsoft Windows Server 2003/XP OLE Object memory corruption
[10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory privilege escalation
[9944] Microsoft Windows up to XP TCP/IP Stack memory corruption
[9943] Microsoft Windows Server 2012 NAT Driver memory corruption
[9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL memory corruption
[9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services information disclosure
[9423] Microsoft Windows Microsoft WMV Codec privilege escalation
[9422] Microsoft Windows GIF DirectShow privilege escalation
[9398] Microsoft Windows up to XP TTF privilege escalation
[9103] Microsoft Windows TCP/IP Driver Numeric Error
[8739] Microsoft Windows Essentials up to 2012 Windows Writer privilege escalation
[8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys memory corruption
[8208] Microsoft Windows win32k.sys privilege escalation
[8207] Microsoft Windows win32k.sys race condition
[8203] Microsoft Windows up to 2012 AD LDAP Query privilege escalation
[8095] Microsoft Windows Modern Mail weak authentication
[7996] Microsoft Windows 8 TrueType Font denial of service
[7680] Microsoft Windows XP SP3 Object Linking/Embedding denial of service
[7678] Microsoft Windows up to XP TCP FIN WAIT TCP/IP denial of service
[7644] Microsoft Windows up to XP .NET Framework callback privilege escalation
[7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server denial of service
[7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll privilege escalation
[7258] Microsoft Windows up to 8/Server 2012 SSL/TLS privilege escalation
[7248] Microsoft Windows 7/Server 2008 R2 Print Spooler memory corruption
[7233] Microsoft Windows up to XP SP3 TURKTRUST Certificate weak authentication
[7128] Microsoft Windows up to XP Font Parser privilege escalation
[7123] Microsoft Windows up to XP Font Parser privilege escalation
[7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS privilege escalation
[7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
[6932] Microsoft Windows up to XP win32k.sys denial of service
[6931] Microsoft Windows up to XP win32k.sys denial of service
[6923] Microsoft Windows up to XP Briefcase Numeric Error
[6922] Microsoft Windows up to XP Briefcase denial of service
[6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
[6525] Microsoft Windows Phone 7 Certificate Subject Common Name weak encryption
[6029] Microsoft Windows up to XP MS-CHAP V2 Authentication weak encryption
[5942] Microsoft Windows XP Remote Desktop Protocol memory corruption
[5941] Microsoft Windows XP Remote Administration Protocol memory corruption
[5940] Microsoft Windows XP Remote Administration Protocol memory corruption
[5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service Format String
[5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll privilege escalation
[5663] Microsoft Windows 7/Vista Gadgets memory corruption
[5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
[5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
[5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5361] Microsoft Windows privilege escalation
[5359] Microsoft Windows XP t2embed.dll denial of service
[5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
[5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification privilege escalation
[4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
[4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol privilege escalation
[4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service privilege escalation
[4546] Microsoft Windows NT Ntdll.dll unknown vulnerability
[4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
[4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll memory corruption
[4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll memory corruption
[4532] Microsoft Windows Embedded ClickOnce Application memory corruption
[4484] Microsoft Windows Phone 7.5 SMS Service weak encryption
[4481] Microsoft Windows Media Player ENCDEC.DLL privilege escalation
[4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management privilege escalation
[4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
[4458] Microsoft Windows Apple Safari win32k.sys privilege escalation
[4455] Microsoft Windows XP Keyboard Layout win32k.sys denial of service
[4452] Microsoft Windows Adctive Directory Query memory corruption
[4451] Microsoft Windows Kernel Exception privilege escalation
[4450] Microsoft Windows OLE Objects Property privilege escalation
[4449] Microsoft Windows CSRSS Device Event Message privilege escalation
[4448] Microsoft Windows 7/Vista/XP Media DVR-MS Parser privilege escalation
[4447] Microsoft Windows Time ActiveX Control privilege escalation
[4440] Microsoft Windows Active Directory weak authentication
[4439] Microsoft Windows True Type Fonts privilege escalation
[4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter Numeric Error
[4436] Microsoft Windows True Type Fonts win32k.sys memory corruption
[4431] Microsoft Windows SSL/TLS IV privilege escalation
[4422] Microsoft Windows Driver win32k.sys memory corruption
[4421] Microsoft Windows Ancillary Function Driver privilege escalation
[4410] Microsoft Windows Library Loader privilege escalation
[4409] Microsoft Windows Server 2003/Server 2008 WINS privilege escalation
[4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
[4395] Microsoft Windows Client/Server Run-Time Subsystem privilege escalation
[4394] Microsoft Windows DNS Service Domain Lookup memory corruption
[4393] Microsoft Windows Server 2008 DNS Service privilege escalation
[4392] Microsoft Windows Remote Access Service privilege escalation
[4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
[4389] Microsoft Windows Remote Desktop Protocol denial of service
[4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
[4386] Microsoft Windows XP denial of service
[4382] Microsoft Windows CSRSS memory corruption
[4381] Microsoft Windows 7/Vista Bluetooth Driver Object privilege escalation
[4380] Microsoft Windows Driver win32k.sys denial of service
[4373] Microsoft Windows MHTML cross site scripting
[4371] Microsoft Windows Distributed File System memory corruption
[4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
[4366] Microsoft Windows OLE Automatisation Numeric Error
[4365] Microsoft Windows OpenType Font privilege escalation
[4364] Microsoft Windows Active Directory cross site scripting
[4363] Microsoft Windows SMB Client privilege escalation
[4362] Microsoft Windows 7/Server 2008/Vista denial of service
[4361] Microsoft Windows Ancillary Function Driver privilege escalation
[4347] Microsoft Windows WINS Service privilege escalation
[4339] Microsoft Windows JScript/VBScript Numeric Error
[4338] Microsoft Windows DNS privilege escalation
[4337] Microsoft Windows OpenType Font memory corruption
[4336] Microsoft Windows Driver win32k.sys denial of service
[4335] Microsoft Windows GDI+ Numeric Error
[4333] Microsoft Windows Wordpad privilege escalation
[4331] Microsoft Windows SMB Transaction Parser privilege escalation
[4314] Microsoft Windows DirectShow/Windows Media privilege escalation
[4313] Microsoft Windows Remote Desktop Client privilege escalation
[4301] Microsoft Windows Server 2003 SMB Browser memory corruption
[4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
[4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
[4296] Microsoft Windows Server 2003/XP LSASS weak authentication
[4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
[4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys privilege escalation
[4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum weak encryption
[4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
[4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
[4238] Microsoft Windows Data Access Components Numeric Error
[4237] Microsoft Windows Thumbnail Bitmap Parser memory corruption
[4235] Microsoft Windows Fax Cover Page Editor memory corruption
[4233] Microsoft Windows privilege escalation
[4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC memory corruption
[4230] Microsoft Exchange 2007 on 64-bit RPC store.exe denial of service
[4228] Microsoft Windows Server 2008 Hyper-V VMBus privilege escalation
[4226] Microsoft Windows OpenType Font Driver privilege escalation
[4225] Microsoft Windows Routing/Remote Access NDProxy memory corruption
[4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
[4207] Microsoft Windows Keyboard Layout win32k.sys memory corruption
[4204] Microsoft Windows Server 2008 Color Control Panel unknown vulnerability
[4202] Microsoft Windows Keyboard Layout win32k.sys Windows Class privilege escalation
[4201] Microsoft Windows OpenType Font Parser Numeric Error
[4198] Microsoft Windows Shell/Wordpad privilege escalation
[4195] Microsoft Windows Integer Truncation Common Control Library memory corruption
[4194] Microsoft Windows 7/Server 2008/Vista SChannel Client privilege escalation
[4193] Microsoft Windows OpenType Font Parser privilege escalation
[4192] Microsoft Windows LPC Message memory corruption
[4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
[4185] Microsoft Windows Client/Server Run-Time Subsystem privilege escalation
[4184] Microsoft Windows LSASS memory corruption
[4183] Microsoft Windows Unicode Script Processor privilege escalation
[4182] Microsoft Windows MPEG-4 Codec Content Parser privilege escalation
[4166] Microsoft Windows SMB Server privilege escalation
[4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack memory corruption
[4162] Microsoft Windows 7/Server 2008/Vista Kernel race condition
[4161] Microsoft Windows TLS/SSL Session weak encryption
[4158] Microsoft Windows Driver win32k.sys CreateDIBPalette memory corruption
[4152] Microsoft Windows MFC Document Title Updating memory corruption
[4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel denial of service
[4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser privilege escalation
[4139] Microsoft Windows Help/Support Center privilege escalation
[4136] Microsoft Windows Media Decompression privilege escalation
[4135] Microsoft Windows Kernel Mode Driver privilege escalation
[4134] Microsoft Windows OpenType Compact Font Format Driver privilege escalation
[4126] Microsoft Windows Mail STAT Numeric Error
[4107] Microsoft Windows 7/Server 2008 Kernel privilege escalation
[4105] Microsoft Windows SMB Client denial of service
[4104] Microsoft Windows SMTP Service privilege escalation
[4103] Microsoft Windows Server 2003 Media Services memory corruption
[4102] Microsoft Windows Authentication Verification privilege escalation
[4101] Microsoft Windows ISATAP privilege escalation
[4100] Microsoft Windows MPEG Layer-3 Codec memory corruption
[4089] Microsoft Windows Movie Maker memory corruption
[4088] Microsoft Windows HLP File MsgBox privilege escalation
[4087] Microsoft Windows DirectShow memory corruption
[4086] Microsoft Windows CSRSS privilege escalation
[4085] Microsoft Windows SMB Client privilege escalation
[4084] Microsoft Windows Shell privilege escalation
[4083] Microsoft Windows Paint Numeric Error
[4076] Microsoft Windows Embedded OpenType Font Engine Numeric Error
[4070] Microsoft Windows Indeo Codec memory corruption
[4068] Microsoft Windows MS-CHAP Authentication privilege escalation
[4067] Microsoft Windows Active Directory Federation Service privilege escalation
[4066] Microsoft Windows Local Security Authority Subsystem denial of service
[4060] Microsoft Windows Win32k Kernel Mode Driver privilege escalation
[4058] Microsoft Windows Active Directory denial of service
[4051] Microsoft Windows GDI+ privilege escalation
[4050] Microsoft Windows ActiveX Control memory corruption
[4049] Microsoft Windows ActiveX Controls ATL OleLoadFromStream privilege escalation
[4044] Microsoft Windows Media Runtime privilege escalation
[4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar denial of service
[4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service memory corruption
[4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
[4028] Microsoft Windows ASF/MP3 Media privilege escalation
[4026] Microsoft Windows DHTML Editing ActiveX Control privilege escalation
[4025] Microsoft Windows privilege escalation
[4016] Microsoft Windows Remote Desktop Connection memory corruption
[4014] Microsoft Windows Workstation Service denial of service
[4013] Microsoft Windows Message Queuing Service privilege escalation
[4012] Microsoft Windows WINS Service Numeric Error
[4011] Microsoft Windows WINS Service memory corruption
[4010] Microsoft Windows AVI Movie privilege escalation
[4001] Microsoft Windows DirectShow memory corruption
[3998] Microsoft Windows Embedded OpenType Font Engine memory corruption
[3997] Microsoft Windows Embedded OpenType Font Engine Numeric Error
[3990] Microsoft Windows Print Spooler memory corruption
[3989] Microsoft Windows Print Spooler memory corruption
[3988] Microsoft Windows Print Spooler EnumeratePrintShares memory corruption
[3979] Microsoft Windows DirectShow memory corruption
[3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG privilege escalation
[3950] Microsoft Windows HTTP Service Numeric Error
[3939] Microsoft Windows 2000 DNS privilege escalation
[3938] Microsoft Windows 2000 SSL weak authentication
[3937] Microsoft Windows 2000 privilege escalation
[3895] Microsoft Windows GDI Image Parser memory corruption
[3894] Microsoft Windows GDI Image Parser Numeric Error
[3893] Microsoft Windows WordPad denial of service
[3866] Microsoft Windows SMB Authentication weak authentication
[3860] Microsoft Windows Path Canonicalisation EclipsedWing privilege escalation
[3853] Microsoft Windows Ancillary Function Driver privilege escalation
[3852] Microsoft Windows SMB memory corruption
[3851] Microsoft Windows IIS IPP Service Numeric Error
[3850] Microsoft Windows privilege escalation
[3849] Microsoft Windows denial of service
[3846] Microsoft Windows privilege escalation
[3845] Microsoft Windows 2000 SP4 Active Directory denial of service
[3822] Microsoft Windows GDI+ BMP Image Numeric Error
[3821] Microsoft Windows GDI+ WMF File Numeric Error
[3820] Microsoft Windows GDI+ GIF Image Numeric Error
[3819] Microsoft Windows GDI+ EMF File Numeric Error
[3818] Microsoft Windows GDI+ Numeric Error
[3812] Microsoft Windows Vista Bitlocker Password Output information disclosure
[3806] Microsoft Windows Color Management memory corruption
[3797] Microsoft Windows Server 2008/Vista IPsec Policy information disclosure
[3777] Microsoft Windows Server 2008/Vista SP1 Explorer privilege escalation
[3733] Microsoft Windows Active Directory privilege escalation
[3732] Microsoft Windows 2000/Server 2003 WINS privilege escalation
[3730] Microsoft Windows Vista/XP privilege escalation
[3699] Microsoft Windows CE Image privilege escalation
[3686] Microsoft Windows privilege escalation
[3675] Microsoft Windows Kernel privilege escalation
[3674] Microsoft Windows ActiveX Control hxvz.dll privilege escalation
[3673] Microsoft Windows memory corruption
[3672] Microsoft Windows GDI WMF Color Depth memory corruption
[3603] Microsoft Windows NT 4.0/2000/XP/Vista OLE Automation privilege escalation
[3542] Microsoft Windows LSASS privilege escalation
[3541] Microsoft Windows ICMP Fragmentation memory corruption
[3540] Microsoft Windows IGMPv3/MLDv2 memory corruption
[3505] Microsoft Windows Vista Kernel Legacy Reply Path Validator privilege escalation
[3504] Microsoft Windows Message Queue memory corruption
[3500] Microsoft Windows Vista SMBv2 Signing privilege escalation
[3372] Microsoft Windows SharePoint Services cross site scripting
[3368] Microsoft Windows up to Vista NNTP Response memory corruption
[3367] Microsoft Windows Kodak Image Viewer privilege escalation
[3302] Microsoft Windows Services for UNIX privilege escalation
[3253] Microsoft Windows OLE Automation substringData memory corruption
[3242] Microsoft Windows VML Vector Markup Language memory corruption
[3223] Microsoft Windows Server 2003/XP URI privilege escalation
[3179] Microsoft Windows Active Directory denial of service
[3178] Microsoft Windows Active Directory memory corruption
[3177] Microsoft Windows Vista Firewall Teredo unknown vulnerability
[3128] Microsoft Windows Win32 API memory corruption
[3012] Microsoft Windows 2000/Server 2003 DNS Service memory corruption
[3005] Microsoft Windows XP memory corruption
[3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
[2991] Microsoft Windows Vista ATI Radeon Kernel Mode Driver denial of service
[2990] Microsoft Windows 2000/Vista/XP Animated Cursor memory corruption
[2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog privilege escalation
[2932] Microsoft Windows Malware Protection Engine Integer Coercion Error
[2925] Microsoft Windows HTML Help ActiveX Control memory corruption
[2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer Coercion Error
[2788] Microsoft Windows up to Vista CSRSS WINSRV.DLL MessageBox memory corruption
[2739] Microsoft Windows 2000 Remote Installation Service unknown vulnerability
[2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
[2737] Microsoft Windows Server 2003/XP Manifest privilege escalation
[2724] Microsoft Windows up to 10 Media Player memory corruption
[2717] Microsoft Windows 2000 Print Spooler denial of service
[2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
[2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
[2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX Numeric Error
[2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[2684] Microsoft Windows 2000/XP Workstation Service memory corruption
[2659] Microsoft Windows 2000/XP GDI memory corruption
[2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
[2640] Microsoft Windows XP Windows NAT Helper Component ipnathlp.dll denial of service
[2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
[2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP weak encryption
[2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP weak encryption
[2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
[2522] Microsoft Windows 2000/Server 2003/XP Indexing Service cross site scripting
[2520] Microsoft Windows XP Pragmatic General Multicast privilege escalation
[2436] Microsoft Windows 2000/Server 2003/XP Kernel memory corruption
[2435] Microsoft Windows 2000/Server 2003/XP Exception memory corruption
[2434] Microsoft Windows 2000/Server 2003/XP Winlogon privilege escalation
[2433] Microsoft Windows 2000 Management Console cross site scripting
[2432] Microsoft Windows 2000/Server 2003/XP DNS Resolver memory corruption
[2431] Microsoft Windows 2000/Server 2003/XP Winsock API memory corruption
[2426] Microsoft Windows 2000/Server 2003/XP WMF File gdi32.dll denial of service
[2415] Microsoft Windows 2000/Server 2003/XP SMB File srv.sys privilege escalation
[2370] Microsoft Windows 2000/Server 2003/XP Server Protocol Driver memory corruption
[2369] Microsoft Windows 2000/Server 2003/XP Server Service Mailslot memory corruption
[2366] Microsoft Windows 2000/Server 2003/XP DHCP Client memory corruption
[2311] Microsoft Windows 2000/Server 2003/XP MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk privilege escalation
[2309] Microsoft Windows 2000/Server 2003/XP Routing/Remote Access Service memory corruption
[2307] Microsoft Windows 2000/Server 2003/XP JScript Object memory corruption
[2306] Microsoft Windows 2000/Server 2003/XP IP Source Routing memory corruption
[2305] Microsoft Windows Server 2003/XP ART Image memory corruption
[2295] Microsoft Windows 9/10 Media Player memory corruption
[2275] Microsoft Windows Server 2003/XP mhtml URI inetcomm.dll memory corruption
[2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
[2218] Microsoft Windows 2000/Server 2003/XP MSDTC memory corruption
[2147] Microsoft Windows 2000/Server 2003/XP COM Object memory corruption
[2054] Microsoft Windows up to 10 Media Player memory corruption
[2051] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[2050] Microsoft Windows Server 2003/XP TCP/IP IGMP memory corruption
[2049] Microsoft Windows 2000/Server 2003/XP Media Player memory corruption
[2036] Microsoft Windows Server 2003/XP Service privilege escalation
[1962] Microsoft Windows 2000/Server 2003/XP Web Fonts memory corruption
[1934] Microsoft Windows Server 2003/XP WMF File privilege escalation
[1917] Microsoft Windows NT 4.0/2000 unknown vulnerability
[1909] Microsoft Windows up to XP SP1 UPnP GetDeviceList denial of service
[1876] Microsoft Windows 2000/XP WMF/EMF File Integer Coercion Error
[1801] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[1798] Microsoft Windows 2000/Server 2003/XP Transaction Internet Protocol denial of service
[1797] Microsoft Windows 2000/Server 2003/XP COM+ memory corruption
[1796] Microsoft Windows 2000/Server 2003/XP Distributed Transaction Coordinator memory corruption
[1793] Microsoft Windows 2000/Server 2003/XP Explorer HTML Preview cross site scripting
[1792] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1791] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1789] Microsoft Windows 2000/Server 2003/XP Plug-and-Play Service memory corruption
[1781] Microsoft Windows XP Wireless Zero Configuration WZCQueryInterface unknown vulnerability
[1726] Microsoft Windows XP SP2 unknown vulnerability
[1692] Microsoft Windows up to Server 2003 Print Spooler memory corruption
[1691] Microsoft Windows 2000/Server 2003/XP Kerberos memory corruption
[1690] Microsoft Windows 2000/Server 2003/XP Kerberos denial of service
[1689] Microsoft Windows up to Server 2003 Plug-and-Play Service memory corruption
[1687] Microsoft Windows up to XP Telephony Application Programming Interface memory corruption
[1653] Microsoft Windows up to XP USB Driver memory corruption
[1623] Microsoft Windows 2000/XP Network Connectivity netman.dll denial of service
[1621] Microsoft Windows up to XP SP2 Kernel denial of service
[1596] Microsoft Windows 95/98/2000/Server 2003/XP Color Management memory corruption
[1570] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1569] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[1568] Microsoft Windows 2000/Server 2003/XP Agent Internet Content cross site scripting
[1567] Microsoft Windows 2000/Server 2003/XP HTML Help Input memory corruption
[1547] Microsoft Windows 2000/Server 2003/XP Remote Desktop mstlsapi.dll weak authentication
[1411] Microsoft Windows up to XP SP2 Image denial of service
[1407] Microsoft Windows 2000 Web View webvw.dll memory corruption
[1358] Microsoft Windows 2000/Server 2003/XP CSRSS memory corruption
[1357] Microsoft Windows 2000/Server 2003/XP Objekt Manager memory corruption
[1356] Microsoft Windows 2000/Server 2003/XP Kernel Access memory corruption
[1355] Microsoft Windows 2000/Server 2003/XP Font File memory corruption
[1350] Microsoft Windows 2000/Server 2003/XP Shell MSHTA.EXE memory corruption
[1328] Microsoft Windows Server 2003 Print Color Adjustment denial of service
[1327] Microsoft Windows Server 2003 SMB denial of service
[1291] Microsoft Windows 2000 EMF File GetEnhMetaFilePaletteEntries denial of service
[1268] Microsoft Windows Server 2003/XP TCP/IP Stack denial of service
[1196] Microsoft Windows up to XP/Server 2003 Drag / Drop memory corruption
[1195] Microsoft Windows 98/2000/ME/XP OLE File memory corruption
[1194] Microsoft Windows/Office up to XP COM File unknown vulnerability
[1193] Microsoft Windows NT 4.0/2000/Server 2003 License Logging Server privilege escalation
[1191] Microsoft Windows XP Hyperlink Object Library memory corruption
[1190] Microsoft Windows XP Named Pipe Connection memory corruption
[1189] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1107] Microsoft Windows Server 2003/XP Indexing Service memory corruption
[1088] Microsoft Windows up to XP SP2 HLP File winhlp32.exe memory corruption
[1087] Microsoft Windows up to XP SP2 ANI File memory corruption
[1086] Microsoft Windows up to XP SP2 LoadImage API memory corruption
[1076] Microsoft Windows 9 Media Player setItemInfo privilege escalation
[1075] Microsoft Windows 9 Media Player getItemInfoByAtom information disclosure
[1070] Microsoft Windows XP SP2 privilege escalation
[1042] Microsoft Windows up to Server 2003 HyperTerminal URL memory corruption
[1041] Microsoft Windows up to XP WINS Name Validator memory corruption
[1040] Microsoft Windows up to XP Local Security Authority Subsystem Service memory corruption
[1039] Microsoft Windows up to XP Local Procedure Call memory corruption
[1038] Microsoft Windows up to XP WordPad Word for Windows 6.0 Converter memory corruption
[1037] Microsoft Windows NT 4.0 DHCP Service memory corruption
[1036] Microsoft Windows NT 4.0 Server memory corruption
[1011] Microsoft Windows WINS memory corruption
[937] Microsoft Windows XP WAV Media File denial of service
[909] Microsoft Windows NT 4.0/2000/XP ASCII Editor unknown vulnerability
[908] Microsoft Windows XP JPEG ActiveX Image Control asycpict.dll denial of service
[899] Microsoft Windows memory corruption
[898] Microsoft Windows XP on 64-bit SMTP DNS Reply memory corruption
[897] Microsoft Windows Server 2003/XP ZIP Archive dunzip32.dll memory corruption
[891] Microsoft Windows memory corruption
[890] Microsoft Windows denial of service
[889] Microsoft Windows memory corruption
[888] Microsoft Windows privilege escalation
[886] Microsoft Windows denial of service
[885] Microsoft Windows 2000/Server 2003/XP WebDAV XML Message denial of service
[883] Microsoft Windows NT 4.0/2000/Server 2003 memory corruption
[862] Microsoft Windows 2000/XP SYSTEM32 memory corruption
[860] Microsoft Windows 2000/XP Packet Fragmentation denial of service
[833] Microsoft Windows memory corruption
[792] Microsoft Windows up to XP SP2 Internet Download cmd.exe unknown vulnerability
[765] Microsoft Windows memory corruption
[764] Microsoft Windows NT 4.0/2000/XP Task Scheduler containing memory corruption
[763] Microsoft Windows NT 4.0/2000 POSIX Subsystem memory corruption
[761] Microsoft Windows 2000 Utility Manager winhlp32.exe memory corruption
[683] Microsoft Windows 2000 weak authentication
[664] Microsoft Windows 2000/XP CLSID desktop.ini memory corruption
[655] Microsoft Windows FTPD Sasser Worm memory corruption
[637] Microsoft Windows NetBIOS Share Name memory corruption
[618] Microsoft Windows Server 2003 MS04-011 Patch unknown vulnerability
[610] Microsoft Windows up to XP/Server 2003 ASN.1 Library memory corruption
[609] Microsoft Windows 2000/Server 2003/XP Negotiate Security Software Provider memory corruption
[608] Microsoft Windows NT 4.0/2000 Virtual DOS Machine denial of service
[607] Microsoft Windows NT 4.0/2000/XP Local Descriptor Table privilege escalation
[606] Microsoft Windows XP Taskmanager memory corruption
[605] Microsoft Windows 2000 Utility Manager memory corruption
[604] Microsoft Windows Server 2003/XP Help/Support Center memory corruption
[603] Microsoft Windows 2000 Metafile WMF/EMF Integer Coercion Error
[602] Microsoft Windows NT 4.0/2000/XP WinLogon Domain Object memory corruption
[601] Microsoft Windows up to XP/Server 2003 PCT Message memory corruption
[600] Microsoft Windows 2000 Domain Controller memory corruption
[599] Microsoft Windows up to Server 2003 LSASS Request memory corruption
[564] Microsoft Windows XP on WinXP WMF File explorer.exe denial of service
[530] Microsoft Windows XP EMF File shimgvw.dll Integer Coercion Error
[518] Microsoft Windows Server 2003/XP ntdll.dll unknown vulnerability
[516] Microsoft Windows up to XP SP1 BMP Image imgbmp.cxx memory corruption
[509] Microsoft Windows NT 4.0/2000/XP/Server 2003 WINS Server GS privilege escalation
[508] Microsoft Windows NT 4.0/2000/XP/Server 2003 ASN.1 lsass.exe Integer Coercion Error
[491] Microsoft Windows XP .folder memory corruption
[441] Microsoft Windows SHELL32.DLL memory corruption
[414] Microsoft Windows XP BIOS Date Reset denial of service
[383] Microsoft Windows 2000/XP Workstation Service memory corruption
[350] Microsoft Windows 2000/NT/Server 2003/XP HTML Help memory corruption
[348] Microsoft Windows XP CommCtl32.dll memory corruption
[332] Microsoft Windows NT 4.0/2000/XP Messenger Service memory corruption
[328] Microsoft Windows 2000 Message Queuing Service mqsvc.exe memory corruption
[323] Microsoft Windows Server 2003 Shell Folder information disclosure
[318] Microsoft Windows Media Player 6.4/7/7.1/9 unknown vulnerability
[312] Microsoft Windows 2000/Server 2003/Vista/XP PostThreadMessage unknown vulnerability
[286] Microsoft Windows Server 2003 Buffer Overflow Protection unknown vulnerability
[278] Microsoft Windows XP ZIP Manager memory corruption
[270] Microsoft Windows XP SP1 TCP Packet unknown vulnerability
[269] Microsoft Windows up to 98 SP1 UDP Fragment denial of service
[261] Microsoft Windows NT 4.0 NetBIOS information disclosure
[249] Microsoft Windows NT 4.0/2000/XP/Server 2003 Blaster/Eske memory corruption
[193] Microsoft Windows up to 8.x Media Player unknown vulnerability
[179] Microsoft Windows XP desktop.ini memory corruption
[175] Microsoft Windows up to 2000 SP3 SMTP Timestamp denial of service
[165] Microsoft Windows NT 4.0/2000/XP SMB memory corruption
[164] Microsoft Windows up to XP/Server 2003 HTML Converter memory corruption
[158] Microsoft Windows 2000/XP rundll32.exe memory corruption
[155] Microsoft Windows up to 2000 SP3 LDAP Cryptnet.DLL denial of service
[153] Microsoft Windows 2000 Terminal Service unknown vulnerability
[151] Microsoft Windows up to 2000 SP3 ModifyDN Request denial of service
[150] Microsoft Windows up to 2000 SP3 Domain Controller unknown vulnerability
[149] Microsoft Windows up to 2000 SP3 Port Name API memory corruption
[146] Microsoft Windows up to 2000 SP3 IMAADPCM cbDestLength memory corruption
[145] Microsoft Windows 2000 Active Directory weak authentication
[135] Microsoft Windows 2000 API ShellExecute memory corruption
[134] Microsoft Windows up to 2000 SP3 Active Directory memory corruption
[124] Microsoft Windows 5 Media Service ISAPI Extension /scripts memory corruption
[123] Microsoft Windows 9 Media Player privilege escalation
[71] Microsoft Windows Media Player unknown vulnerability
[69] Microsoft Windows XP Internet Connection Firewall unknown vulnerability
[61] Microsoft Windows XP Media Player 7.1 privilege escalation
[41] Microsoft Windows Form Input Type denial of service
[9] Microsoft Windows riched20.dll memory corruption
[8] Microsoft Windows NT 4.0/2000 cmd.exe cd memory corruption
[4] Microsoft Windows 2000 NetBIOS denial of service
MITRE CVE - https://cve.mitre.org:
[CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
[CVE-2010-3139] Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.
[CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
[CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
[CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
[CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
[CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
[CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
[CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
[CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
[CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
[CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
[CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
[CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
[CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
[CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
[CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
[CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
[CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
[CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
[CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
[CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
[CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
[CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
[CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
[CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
[CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
[CVE-2004-0569] The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
[CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
[CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
[CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
[CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
[CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
[CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
[CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
[CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
[CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
[CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
[CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
[CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
[CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
[CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
[CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
[CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
[CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
[CVE-2013-3127] The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
[CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
[CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
[CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
[CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
[CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
[CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
[CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
[CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
[CVE-2013-1337] Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
[CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
[CVE-2013-1333] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
[CVE-2013-1313] Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
[CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
[CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
[CVE-2013-1299] Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.
[CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
[CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
[CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
[CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
[CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
[CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
[CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
[CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
[CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
[CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
[CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
[CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
[CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
[CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
[CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
[CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
[CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
[CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
[CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
[CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
[CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
[CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
[CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
[CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
[CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
[CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
[CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
[CVE-2012-2993] Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
[CVE-2012-2972] The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request.
[CVE-2012-2971] The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request.
[CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
[CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
[CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
[CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
[CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2526] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability."
[CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
[CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
[CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
[CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
[CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
[CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
[CVE-2012-1868] Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
[CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
[CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
[CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
[CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
[CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
[CVE-2012-1853] Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability."
[CVE-2012-1852] Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability."
[CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
[CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
[CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
[CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
[CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
[CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
[CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
[CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
[CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
[CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
[CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
[CVE-2012-0176] Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
[CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
[CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
[CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
[CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
[CVE-2012-0164] Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."
[CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
[CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
[CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
[CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
[CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
[CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
[CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
[CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
[CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
[CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
[CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
[CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
[CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
[CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
[CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
[CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
[CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
[CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
[CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
[CVE-2011-3401] ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
[CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
[CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
[CVE-2011-3389] The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
[CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
[CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
[CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
[CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
[CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-2009] Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."
[CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
[CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
[CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
[CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
[CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
[CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
[CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
[CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
[CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
[CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
[CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
[CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
[CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
[CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
[CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
[CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
[CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1886] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability."
[CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
[CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
[CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
[CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
[CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
[CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
[CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
[CVE-2011-1652] ** DISPUTED ** The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems.
[CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
[CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
[CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
[CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
[CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
[CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
[CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
[CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
[CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
[CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
[CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
[CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
[CVE-2011-1243] The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."
[CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1068] Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.
[CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0673] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
[CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
[CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
[CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
[CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2011-0638] Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
[CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
[CVE-2011-0347] Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
[CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
[CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
[CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
[CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
[CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
[CVE-2011-0045] The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."
[CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
[CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
[CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
[CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
[CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
[CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
[CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
[CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
[CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
[CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
[CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
[CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
[CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
[CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
[CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
[CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
[CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
[CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
[CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
[CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
[CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
[CVE-2010-3973] The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
[CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
[CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
[CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
[CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
[CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
[CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
[CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
[CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
[CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
[CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
[CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
[CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
[CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
[CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
[CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
[CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
[CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
[CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
[CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
[CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
[CVE-2010-3225] Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
[CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
[CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
[CVE-2010-3145] Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."
[CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
[CVE-2010-3143] Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
[CVE-2010-3140] Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file.
[CVE-2010-3138] Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
[CVE-2010-2745] Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
[CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
[CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
[CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
[CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
[CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
[CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
[CVE-2010-2731] Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
[CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
[CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
[CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
[CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
[CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
[CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
[CVE-2010-2553] The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
[CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
[CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
[CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
[CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
[CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
[CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
[CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
[CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
[CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
[CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
[CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
[CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
[CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
[CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
[CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
[CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-1888] Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
[CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
[CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
[CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
[CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
[CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
[CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1264] Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."
[CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
[CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allow local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
[CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
[CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
[CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1098] The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
[CVE-2010-1042] Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown
[CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
[CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
[CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
[CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
[CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
[CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
[CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0808] Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
[CVE-2010-0805] The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
[CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
[CVE-2010-0718] Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
[CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
[CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
[CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
[CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
[CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
[CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
[CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
[CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
[CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
[CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
[CVE-2010-0379] Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
[CVE-2010-0378] Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
[CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
[CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
[CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
[CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
[CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
[CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
[CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
[CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
[CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
[CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
[CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
[CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
[CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
[CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
[CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
[CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
[CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
[CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
[CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
[CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
[CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
[CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
[CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
[CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
[CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
[CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
[CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
[CVE-2010-0019] Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
[CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
[CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
[CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
[CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
[CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
[CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
[CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
[CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
[CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
[CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
[CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
[CVE-2009-3294] The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.
[CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
[CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
[CVE-2009-3019] Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.
[CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
[CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
[CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
[CVE-2009-2544] Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
[CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
[CVE-2009-2527] Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
[CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
[CVE-2009-2525] Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
[CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
[CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
[CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
[CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
[CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
[CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
[CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
[CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
[CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
[CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
[CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
[CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
[CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
[CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
[CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
[CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
[CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
[CVE-2009-2499] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11
[CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
[CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
[CVE-2009-2484] Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
[CVE-2009-2357] The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
[CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
[CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
[CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
[CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
[CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
[CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
[CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
[CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
[CVE-2009-1920] The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
[CVE-2009-1808] Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
[CVE-2009-1761] The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.
[CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
[CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
[CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
[CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
[CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
[CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
[CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
[CVE-2009-1531] Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1530] Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1529] Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1528] Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3
[CVE-2009-1511] GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.
[CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
[CVE-2009-1331] Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
[CVE-2009-1217] Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
[CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
[CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
[CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
[CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
[CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
[CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
[CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
[CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
[CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
[CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
[CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
[CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
[CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[CVE-2009-0555] Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
[CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
[CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
[CVE-2009-0341] The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
[CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
[CVE-2009-0244] Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
[CVE-2009-0243] Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device
[CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
[CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
[CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
[CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
[CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
[CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
[CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
[CVE-2009-0119] Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
[CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
[CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
[CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
[CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
[CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
[CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
[CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
[CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
[CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
[CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
[CVE-2008-6194] Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.
[CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
[CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
[CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
[CVE-2008-5745] Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
[CVE-2008-5415] The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
[CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
[CVE-2008-5229] Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
[CVE-2008-5179] Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
[CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
[CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
[CVE-2008-4927] Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown
[CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
[CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
[CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
[CVE-2008-4609] The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
[CVE-2008-4510] Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
[CVE-2008-4327] gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
[CVE-2008-4323] Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.
[CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
[CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
[CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
[CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
[CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
[CVE-2008-4071] A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.
[CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
[CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
[CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
[CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
[CVE-2008-3957] The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown
[CVE-2008-3893] Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
[CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
[CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
[CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
[CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
[CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
[CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
[CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
[CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
[CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
[CVE-2008-3010] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
[CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
[CVE-2008-3008] Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
[CVE-2008-2547] Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.
[CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
[CVE-2008-2253] Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."
[CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
[CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
[CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
[CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
[CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
[CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
[CVE-2008-2160] Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
[CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
[CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
[CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
[CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
[CVE-2008-1453] The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
[CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
[CVE-2008-1448] The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
[CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
[CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
[CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
[CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
[CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
[CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
[CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
[CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
[CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
[CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
[CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-0951] Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
[CVE-2008-0768] Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
[CVE-2008-0639] Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
[CVE-2008-0322] The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
[CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
[CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
[CVE-2008-0084] Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.
[CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
[CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
[CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
[CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
[CVE-2007-6701] Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954.
[CVE-2007-6507] SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
[CVE-2007-6401] Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
[CVE-2007-6332] The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
[CVE-2007-6236] Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
[CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
[CVE-2007-5634] Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors.
[CVE-2007-5633] Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.
[CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
[CVE-2007-5460] Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
[CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
[CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
[CVE-2007-5350] Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
[CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
[CVE-2007-5145] Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347.
[CVE-2007-5133] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
[CVE-2007-5095] Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
[CVE-2007-4490] Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
[CVE-2007-4414] Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
[CVE-2007-4288] Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
[CVE-2007-4247] Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
[CVE-2007-4227] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
[CVE-2007-4219] Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.
[CVE-2007-4218] Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll
[CVE-2007-3958] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
[CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
[CVE-2007-3897] Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
[CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
[CVE-2007-3826] Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
[CVE-2007-3724] The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
[CVE-2007-3671] Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
[CVE-2007-3509] Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
[CVE-2007-3463] ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account."
[CVE-2007-3436] Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
[CVE-2007-3406] Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag
[CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
[CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
[CVE-2007-3038] The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
[CVE-2007-3037] Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
[CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
[CVE-2007-3035] Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."
[CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
[CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
[CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
[CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
[CVE-2007-2966] Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
[CVE-2007-2954] Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.
[CVE-2007-2815] The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
[CVE-2007-2730] Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
[CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
[CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
[CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
[CVE-2007-2528] Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.
[CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
[CVE-2007-2237] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
[CVE-2007-2229] Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
[CVE-2007-2227] The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
[CVE-2007-2225] A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
[CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
[CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
[CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
[CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
[CVE-2007-1973] Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
[CVE-2007-1946] Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.
[CVE-2007-1912] Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
[CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
[CVE-2007-1763] The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
[CVE-2007-1692] The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
[CVE-2007-1658] Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
[CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
[CVE-2007-1644] The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
[CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
[CVE-2007-1535] Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
[CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
[CVE-2007-1533] The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
[CVE-2007-1532] The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
[CVE-2007-1531] Microsoft Windows XP and Vista overwrite ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
[CVE-2007-1530] The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
[CVE-2007-1529] The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
[CVE-2007-1528] The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.
[CVE-2007-1527] The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.
[CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
[CVE-2007-1499] Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
[CVE-2007-1492] winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
[CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
[CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
[CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
[CVE-2007-1209] Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
[CVE-2007-1206] The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0
[CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
[CVE-2007-1204] Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
[CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
[CVE-2007-1070] Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
[CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
[CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
[CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
[CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0878] Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
[CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
[CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
[CVE-2007-0675] A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
[CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allow remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
[CVE-2007-0562] Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.
[CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
[CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
[CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
[CVE-2007-0210] The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
[CVE-2007-0084] ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
[CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
[CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
[CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
[CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
[CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
[CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
[CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
[CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
[CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
[CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
[CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
[CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
[CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
[CVE-2006-7206] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
[CVE-2006-7066] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
[CVE-2006-6902] Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
[CVE-2006-6901] Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
[CVE-2006-6797] The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
[CVE-2006-6753] Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
[CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
[CVE-2006-6659] The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
[CVE-2006-6602] explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.
[CVE-2006-6601] Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0.
[CVE-2006-6579] Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
[CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
[CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
[CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
[CVE-2006-5745] Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
[CVE-2006-5614] Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
[CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
[CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
[CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
[CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
[CVE-2006-5448] The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
[CVE-2006-5270] Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
[CVE-2006-5028] Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
[CVE-2006-4868] Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
[CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
[CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
[CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
[CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
[CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
[CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
[CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
[CVE-2006-4138] Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.
[CVE-2006-4128] Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
[CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
[CVE-2006-4066] The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
[CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
[CVE-2006-3944] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
[CVE-2006-3943] Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
[CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
[CVE-2006-3915] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.
[CVE-2006-3899] Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
[CVE-2006-3898] Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
[CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
[CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
[CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
[CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
[CVE-2006-3730] Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
[CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
[CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
[CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
[CVE-2006-3471] Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
[CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
[CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
[CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
[CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
[CVE-2006-3442] Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
[CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
[CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
[CVE-2006-3209] ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation.
[CVE-2006-2766] Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
[CVE-2006-2386] Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
[CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
[CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
[CVE-2006-2376] Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
[CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
[CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
[CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
[CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
[CVE-2006-2218] Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
[CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
[CVE-2006-2056] Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
[CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
[CVE-2006-1591] Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
[CVE-2006-1510] Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
[CVE-2006-1476] Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program.
[CVE-2006-1475] Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
[CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
[CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
[CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
[CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
[CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
[CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
[CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
[CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
[CVE-2006-0561] Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
[CVE-2006-0143] Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
[CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
[CVE-2006-0025] Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
[CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
[CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
[CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
[CVE-2006-0014] Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
[CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
[CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
[CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
[CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
[CVE-2006-0005] Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
[CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
[CVE-2005-4560] The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
[CVE-2005-4360] The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
[CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
[CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
[CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
[CVE-2005-3595] By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
[CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
[CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
[CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
[CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
[CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
[CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
[CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
[CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
[CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
[CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
[CVE-2005-2940] Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935.
[CVE-2005-2935] Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940.
[CVE-2005-2388] Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
[CVE-2005-2307] netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
[CVE-2005-2224] aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
[CVE-2005-2128] QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
[CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
[CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
[CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
[CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
[CVE-2005-1987] Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
[CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
[CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
[CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
[CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
[CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
[CVE-2005-1980] Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."
[CVE-2005-1979] Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
[CVE-2005-1978] COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
[CVE-2005-1793] User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
[CVE-2005-1792] Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.
[CVE-2005-1219] Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
[CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
[CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
[CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
[CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
[CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
[CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
[CVE-2005-0771] VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
[CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
[CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
[CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
[CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
[CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
[CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
[CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
[CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
[CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
[CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
[CVE-2004-2454] aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
[CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
[CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
[CVE-2004-2307] Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
[CVE-2004-2291] Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
[CVE-2004-2290] Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
[CVE-2004-2289] Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
[CVE-2004-2176] The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
[CVE-2004-1889] Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows.
[CVE-2004-1325] The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
[CVE-2004-1324] The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
[CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
[CVE-2004-1049] Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
[CVE-2004-0901] Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
[CVE-2004-0900] The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
[CVE-2004-0899] The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
[CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
[CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
[CVE-2004-0727] Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
[CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
[CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
[CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
[CVE-2004-0572] Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
[CVE-2004-0571] Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
[CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
[CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
[CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
[CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
[CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
[CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
[CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
[CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
[CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
[CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
[CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
[CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
[CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
[CVE-2003-1107] The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
[CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
[CVE-2003-0995] Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
[CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
[CVE-2003-0907] Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
[CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
[CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
[CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
[CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
[CVE-2003-0813] A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
[CVE-2003-0812] Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
[CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
[CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
[CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
[CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
[CVE-2003-0605] The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
[CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
[CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
[CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
[CVE-2003-0349] Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
[CVE-2003-0348] A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
[CVE-2003-0346] Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
[CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
[CVE-2003-0228] Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
[CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
[CVE-2003-0111] The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
[CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
[CVE-2003-0009] Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
[CVE-2003-0004] Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
[CVE-2002-2283] Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
[CVE-2002-2117] Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
[CVE-2002-2105] Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
[CVE-2002-2073] Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
[CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
[CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
[CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
[CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
[CVE-2002-1847] Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
[CVE-2002-1844] Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
[CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
[CVE-2002-1692] Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
[CVE-2002-1670] Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
[CVE-2002-1561] The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
[CVE-2002-1327] Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
[CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
[CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
[CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
[CVE-2002-1183] Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
[CVE-2002-1139] The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
[CVE-2002-0864] The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
[CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
[CVE-2002-0862] The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
[CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
[CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
[CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
[CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
[CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
[CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
[CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
[CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
[CVE-2002-0615] The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
[CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
[CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
[CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
[CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
[CVE-2002-0372] Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
[CVE-2002-0370] Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
[CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
[CVE-2002-0151] Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
[CVE-2002-0136] Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
[CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
[CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
[CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
[CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
[CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
[CVE-2001-1200] Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
[CVE-2001-1055] The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
[CVE-2001-0909] Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
[CVE-2001-0719] Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
[CVE-2001-0662] RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
[CVE-2001-0541] Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
[CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
[CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
[CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
[CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
[CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
[CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
[CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
[CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
[CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
[CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
[CVE-2001-0242] Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.
[CVE-2001-0047] The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.
[CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
[CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
[CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
[CVE-2000-1113] Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
[CVE-2000-1112] Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
[CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
[CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
[CVE-2000-0929] Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
[CVE-2000-0858] Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
[CVE-2000-0849] Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
[CVE-2000-0790] The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
[CVE-2000-0742] The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
[CVE-2000-0653] Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
[CVE-2000-0544] Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
[CVE-2000-0495] Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
[CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
[CVE-2000-0228] Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
[CVE-2000-0216] Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
[CVE-2000-0168] Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
[CVE-2000-0089] The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
[CVE-1999-1291] TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.
[CVE-1999-1127] Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
[CVE-1999-0969] The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
[CVE-1999-0749] Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
[CVE-1999-0681] Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
[CVE-1999-0386] Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
[CVE-1999-0288] The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
[CVE-1999-0228] Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
[CVE-1999-0227] Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
[CVE-1999-0012] Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
SecurityFocus - https://www.securityfocus.com/bid/:
[90065] Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0174 Local Privilege Escalation Vulnerability
[102055] Microsoft Windows RPC CVE-2017-11885 Remote Code Execution Vulnerability
[99012] Microsoft Windows RPC CVE-2017-8461 Remote Code Execution Vulnerability
[72933] Microsoft Windows 'Netlogon' RPC CVE-2015-0005 Spoofing Vulnerability
[43119] Microsoft Windows RPC Memory Allocation Remote Code Execution Vulnerability
[34443] Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
[31874] Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
[25974] Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
[18389] Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability
[14178] Microsoft Windows MSRPC Eventlog Information Disclosure Vulnerability
[14177] Microsoft Windows MSRPC SVCCTL Service Enumeration Vulnerability
[10127] Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
[10123] Microsoft Windows COM Internet Service/RPC Over HTTP Remote Denial Of Service Vulnerability
[8811] Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
[8234] Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability
[8205] Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
[8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
[6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
[6005] Microsoft Windows RPC Service Denial of Service Vulnerability
[3313] Microsoft Windows NT RPC Endpoint Mapper Denial of Service Vulnerability
[2234] Microsoft Windows NT RPC DoS Vulnerability
[1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
IBM X-Force - https://exchange.xforce.ibmcloud.com:
[61498] Microsoft Windows RPC code execution
[52092] Microsoft Windows Workstation Service RPC message code execution
[50797] Microsoft Windows RPC Marshalling Engine code execution
[49581] Microsoft Windows RPCSS privilege escalation
[46040] Microsoft Windows Server Service RPC code execution
[36803] Microsoft Windows RPC NTLMSSP authentication denial of service
[33629] Microsoft Windows DNS Server RPC interface buffer overflow
[26836] Microsoft Windows RPC mutual authentication spoofing
[24491] Microsoft Windows MSRPC WebClient service message buffer overflow
[23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
[22481] Microsoft Windows MSRPC Plug and Play buffer overflow
[17646] Microsoft Windows RPC Runtime Library obtain information
[16208] Microsoft Windows RPC Locator Service buffer overflow exploit attempt detected
[15709] Microsoft Windows COM Internet Service and RPC over HTTP denial of service
[15708] Microsoft Windows RPCSS Service RPC message can cause denial of service
[13426] Microsoft Windows 2000 and XP RPC race condition
[13129] Microsoft Windows RPCSS DCOM buffer overflows
[12747] Microsoft Windows RPC DCOM interface buffer overflow detected
[12679] Microsoft Windows RPC DCOM denial of service
[11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
[10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
[7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
[7105] Microsoft Windows RPC endpoint mapper malformed request denial of service
[5222] Microsoft Windows 2000 malformed RPC packet denial of service
[1977] Microsoft Windows NT RPC services can be used to deplete system resources
[17] Microsoft Windows NT RPC locator denial of service
[86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
[86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
[86096] Microsoft Windows NTVDM privilege escalation 3
[86095] Microsoft Windows NTVDM privilege escalation 2
[86094] Microsoft Windows NTVDM privilege escalation 1
[86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
[86090] Microsoft Windows ICMPv6 denial of service
[86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
[86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
[86074] Microsoft Windows Unicode code execution
[86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
[86072] Microsoft Windows Active Directory Federation Services information disclosure
[86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
[86069] Microsoft Windows Windows NAT Driver denial of service
[85801] Microsoft Windows Movie Maker .wav denial of service
[85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
[85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
[85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
[85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
[85234] Microsoft Windows privilege escalation
[85233] Microsoft Windows denial of service
[85232] Microsoft Windows privilege escalation
[85231] Microsoft Windows TrueType font file code execution
[85230] Microsoft Windows privilege escalation
[85229] Microsoft Windows privilege escalation
[85228] Microsoft Windows privilege escalation
[85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
[85226] Microsoft Windows Media Format Runtime code execution
[85224] Microsoft Windows Defender CVE-2013-3154 privilege escalation
[85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
[85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
[84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
[84620] Microsoft Windows kernel denial of service
[84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
[84618] Microsoft Windows Print Spooler privilege escalation
[84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
[84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
[84614] Microsoft Windows kernel information disclosure
[84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
[84571] Microsoft Windows denial of service
[84546] Microsoft Windows Media Player .wav denial of service
[84391] Microsoft Windows win32k.sys privilege escalation
[84267] Microsoft Windows Update file detected
[84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
[83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
[83911] Microsoft Windows denial of service
[83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
[83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
[83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
[83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
[83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
[83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
[83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
[83875] Microsoft Windows privilege escalation
[83874] Microsoft Windows privilege escalation
[83873] Microsoft Windows privilege escalation
[83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
[83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
[83099] Microsoft Windows denial of service
[83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
[83097] Microsoft Windows privilege escalation
[83096] Microsoft Windows privilege escalation
[83095] Microsoft Windows denial of service
[83094] Microsoft Windows privilege escalation
[83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
[83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
[83090] Microsoft Windows privilege escalation
[83089] Microsoft Windows privilege escalation
[83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
[83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
[83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
[83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
[83081] Microsoft Windows Client/Server Run-time Subsystem privilege escalation
[83063] Microsoft Windows Modern Mail spoofing
[82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
[82775] Microsoft Windows kernel privilege escalation
[82774] Microsoft Windows ASLR and DEP security bypass
[82772] Microsoft Windows ASLR security bypass
[82769] Microsoft Windows TTF denial of service
[82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
[82599] Microsoft Windows Live Essentials information disclosure
[82523] RSA Authentication Agent for Microsoft Windows Quick Pin security bypass
[82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
[82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
[82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
[82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
[82414] Microsoft Windows USB device privilege escalation
[82413] Microsoft Windows USB device privilege escalation
[82412] Microsoft Windows USB device privilege escalation
[82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
[82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
[82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
[82089] Microsoft Windows ZwSetInformationProcess() denial of service
[81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
[81858] Microsoft Windows OLE code execution
[81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
[81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
[81682] Microsoft Windows .MPG code execution
[81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
[81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
[81679] Microsoft Windows Client/Server Run-time Subsystem memory privilege escalation
[81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
[81677] Microsoft Windows TCP/IP sequence denial of service
[81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
[81675] Microsoft Windows NFS server denial of service
[81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
[81673] Microsoft Windows Vector Markup Language code execution
[81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
[81671] Microsoft Windows kernel privilege escalation
[81670] Microsoft Windows kernel privilege escalation
[81669] Microsoft Windows kernel privilege escalation
[81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
[81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
[81665] Microsoft Windows CVE-2013-1277 privilege escalation
[81664] Microsoft Windows CVE-2013-1276 privilege escalation
[81663] Microsoft Windows CVE-2013-1275 privilege escalation
[81662] Microsoft Windows CVE-2013-1274 privilege escalation
[81661] Microsoft Windows CVE-2013-1273 privilege escalation
[81660] Microsoft Windows CVE-2013-1272 privilege escalation
[81659] Microsoft Windows CVE-2013-1271 privilege escalation
[81658] Microsoft Windows CVE-2013-1270 privilege escalation
[81657] Microsoft Windows CVE-2013-1269 privilege escalation
[81656] Microsoft Windows CVE-2013-1268 privilege escalation
[81655] Microsoft Windows CVE-2013-1267 privilege escalation
[81654] Microsoft Windows CVE-2013-1266 privilege escalation
[81653] Microsoft Windows CVE-2013-1265 privilege escalation
[81652] Microsoft Windows CVE-2013-1264 privilege escalation
[81651] Microsoft Windows CVE-2013-1263 privilege escalation
[81650] Microsoft Windows CVE-2013-1262 privilege escalation
[81649] Microsoft Windows CVE-2013-1261 privilege escalation
[81648] Microsoft Windows CVE-2013-1260 privilege escalation
[81647] Microsoft Windows CVE-2013-1259 privilege escalation
[81646] Microsoft Windows CVE-2013-1258 privilege escalation
[81645] Microsoft Windows CVE-2013-1257 privilege escalation
[81644] Microsoft Windows CVE-2013-1256 privilege escalation
[81643] Microsoft Windows CVE-2013-1255 privilege escalation
[81642] Microsoft Windows CVE-2013-1254 privilege escalation
[81641] Microsoft Windows CVE-2013-1253 privilege escalation
[81640] Microsoft Windows CVE-2013-1252 privilege escalation
[81639] Microsoft Windows CVE-2013-1251 privilege escalation
[81638] Microsoft Windows CVE-2013-1250 privilege escalation
[81637] Microsoft Windows CVE-2013-1249 privilege escalation
[81636] Microsoft Windows CVE-2013-1248 privilege escalation
[81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
[81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
[80918] Microsoft Windows digital certificate spoofing
[80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
[80874] Microsoft Windows XML code execution
[80873] Microsoft Windows XML content code execution
[80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
[80869] Microsoft .NET Framework Windows Forms privilege escalation
[80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
[80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
[80864] Microsoft Windows print spooler code execution
[80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
[80862] Microsoft Windows broadcast privilege escalation
[80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
[80860] Microsoft Windows SSL/TLS security bypass
[80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
[80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
[80359] Microsoft Windows IPHTTPS security bypass
[80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
[80357] Microsoft Windows DirectPlay buffer overflow
[80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
[80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
[80351] Microsoft Windows TrueType Fonts files code execution
[80350] Microsoft Windows OpenType Font code execution
[80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
[79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
[79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
[79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
[79682] Microsoft Windows font code execution
[79681] Microsoft Windows kernel privilege escalation
[79680] Microsoft Windows kernel privilege escalation
[79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
[79678] Microsoft Windows filenames code execution
[79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
[79676] Microsoft Windows Briefcase integer overflow
[79675] Microsoft Windows Briefcase integer underflow
[79648] Microsoft Windows Help Viewer denial of service
[79479] Microsoft Windows Media Player .avi denial of service
[79124] Microsoft Windows IKE privilege escalation
[78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
[78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
[78861] Microsoft Windows Kerberos denial of service
[78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
[78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
[78855] Microsoft Windows kernel privilege escalation
[78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
[78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
[78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
[78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
[78620] Microsoft Windows Phone 7 domain name spoofing
[78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
[78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
[78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
[77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
[77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
[77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
[77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
[77356] Microsoft Windows RAP response packet buffer overflow
[77355] Microsoft Windows RAP response packet buffer overflow
[77354] Microsoft Windows Print Spooler service format string
[77353] Microsoft Windows Remote Administration Protocol denial of service
[77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
[77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
[77349] Microsoft Windows memory privilege escalation
[77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
[77347] Microsoft Windows Remote Desktop Protocol code execution
[77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
[77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
[77341] Microsoft Windows ActiveX control code execution
[77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
[77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
[77322] Microsoft Windows VBScript and JScript and Microsoft Internet Explorer object integer overflow
[77244] nginx and Microsoft Windows request security bypass
[76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
[76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
[76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
[76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
[76720] Microsoft Windows hook procedure privilege escalation
[76719] Microsoft Windows keyboard privilege escalation
[76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
[76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
[76707] Microsoft Windows search scopes information disclosure
[76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
[76703] Microsoft Windows file code execution
[76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
[76701] Microsoft Windows TLS information disclosure
[76223] Microsoft Windows .otf denial of service
[76221] Microsoft Windows XML Core Services code execution
[76026] Microsoft Windows Microsoft Certificate Authority spoofing
[75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
[75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
[75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
[75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
[75938] Microsoft Windows RDP code execution
[75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
[75933] Microsoft Windows thread privilege escalation
[75932] Microsoft Windows font privilege escalation
[75931] Microsoft Windows Clipboard Format Atom Name privilege escalation
[75930] Microsoft Windows String Atom Class Name privilege escalation
[75929] Microsoft Windows String Atom Class Name privilege escalation
[75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
[75927] Microsoft Windows User Mode Scheduler privilege escalation
[75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
[75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
[75772] Microsoft Windows keyboard layout privilege escalation
[75329] Microsoft Windows xxxCreateWindowEx() denial of service
[75140] Microsoft Windows scrollbar calculation privilege escalation
[75139] Microsoft Windows Keyboard Layout files privilege escalation
[75138] Microsoft Windows messages privilege escalation
[75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
[75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
[75131] Microsoft Windows Plug and Play (PnP) privilege escalation
[75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
[75129] Microsoft Windows IPv6 address privilege escalation
[75128] Microsoft Windows broadcast packets security bypass
[75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
[75126] Microsoft Windows GDI+ EMF buffer overflow
[75125] Microsoft Windows GDI+ EMF code execution
[75124] Microsoft Windows TrueType code execution
[75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
[75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
[74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
[74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
[74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
[74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
[74372] Microsoft Windows MSCOMCTL.OCX ActiveX control code execution
[74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
[73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
[73542] Microsoft Windows Remote Desktop Protocol denial of service
[73541] Microsoft Windows Remote Desktop Protocol code execution
[73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
[73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
[73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
[73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
[73532] Microsoft Windows DNS Server denial of service
[73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
[73529] Microsoft Windows PostMessage function privilege escalation
[73356] Microsoft Windows DNS security bypass
[72950] Microsoft Windows IPv6 information disclosure
[72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
[72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
[72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
[72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
[72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
[72854] Microsoft Windows keyboard privilege escalation
[72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
[72852] Microsoft Windows Authenticode code execution
[72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
[72850] Microsoft Windows msvcrt dynamic link library buffer overflow
[72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
[72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
[72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
[72840] Microsoft Windows Ancillary Function Driver privilege escalation
[72839] Microsoft Windows Ancillary Function Driver privilege escalation
[72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
[72560] Microsoft Windows Media Format ASF invalid stream
[72346] Microsoft Windows Explorer denial of service
[72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
[72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
[72002] Microsoft Windows Client/Server Run-time Subsystem Unicode privilege escalation
[71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
[71997] Microsoft Windows SafeSEH security bypass
[71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
[71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
[71993] Microsoft Windows DirectShow code execution
[71992] Microsoft Windows Media Player MIDI code execution
[71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
[71966] Microsoft Windows Media Player access denial of service
[71944] Microsoft Windows Phone messages denial of service
[71873] Microsoft Windows win32k.sys code execution
[71733] Microsoft Windows sandbox privilege escalation
[71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
[71564] Microsoft Windows Media Player DVR-MS code execution
[71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
[71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
[71559] Microsoft Windows Active Directory buffer overflow
[71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
[71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
[71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
[71553] Microsoft Windows kernel privilege escalation
[71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
[71551] Microsoft Windows OLE object code execution
[71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
[71549] Microsoft Windows Client/Server Run-time Subsystem Csrsrv.dll privilege escalation
[71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
[71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
[71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
[71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
[71418] Microsoft Windows keyboard layout denial of service
[71291] Microsoft Windows Server AppLocker security bypass
[71073] Microsoft Windows kernel Duqu code execution
[70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
[70950] Microsoft Windows Active Directory privilege escalation
[70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
[70948] Microsoft Windows Mail and Windows Meeting Space code execution
[70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
[70946] Microsoft Windows TrueType denial of service
[70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
[70944] Microsoft Windows Object Packager code execution
[70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
[70942] Microsoft Windows TCP/IP code execution
[70940] Microsoft Windows ClickOnce code execution
[70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
[70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
[70143] Microsoft Windows Media Center DLL code execution
[70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
[70137] Microsoft Windows Ancillary Function Driver privilege escalation
[70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
[70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
[70114] Microsoft Windows use-after-free privilege escalation
[70113] Microsoft Windows .fon buffer overflow
[70112] Microsoft Windows TrueType denial of service
[69638] Microsoft Windows csrss.exe denial of service
[69558] Microsoft Windows Script Host DLL code execution
[69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
[69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
[69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
[69491] Microsoft Windows WINS privilege escalation
[69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
[69489] Microsoft Windows components DLL code execution
[69215] Microsoft Windows DHCPv6 denial of service
[69009] Microsoft Windows Client/Server Run-time Subsystem information disclosure
[68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
[68838] Microsoft SharePoint and Windows SharePoint Services cross-site scripting
[68837] Microsoft SharePoint and Windows SharePoint Services XML file disclosure
[68836] Microsoft SharePoint and Windows SharePoint Services contact details cross-site scripting
[68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
[68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
[68830] Microsoft Windows Remote Desktop Protocol denial of service
[68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
[68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
[68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
[68824] Microsoft Windows Remote Desktop Web Access privilege escalation
[68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
[68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
[68815] Microsoft Windows kernel meta-data denial of service
[68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
[68813] Microsoft Windows Data Access code execution
[68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
[68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
[68808] Microsoft Windows DNS Server denial of service
[68807] Microsoft Windows DNS Server code execution
[68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
[68805] Microsoft Windows NDISTAPI privilege escalation
[68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
[68803] Microsoft Windows TCP/IP QoS denial of service
[68802] Microsoft Windows TCP/IP ICMP denial of service
[68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
[68800] Microsoft Windows Client/Server Run-time Subsystem Winsrv.dl privilege escalation
[68469] Microsoft Windows GPU denial of service
[68467] Microsoft Windows NVIDIA Geforce 310 denial of service
[68465] Microsoft Windows Intel G41 denial of service
[68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
[68314] Microsoft Windows win32k.sys privilege escalation
[68313] Microsoft Windows win32k.sys privilege escalation
[68312] Microsoft Windows win32k.sys information disclosure
[68311] Microsoft Windows NULL privilege escalation
[68310] Microsoft Windows win32k.sys privilege escalation
[68309] Microsoft Windows win32k.sys privilege escalation
[68308] Microsoft Windows win32k.sys privilege escalation
[68307] Microsoft Windows NULL pointer privilege escalation
[68306] Microsoft Windows NULL pointer privilege escalation
[68305] Microsoft Windows kernel-mode driver privilege escalation
[68304] Microsoft Windows kernel-mode driver privilege escalation
[68303] Microsoft Windows kernel-mode driver privilege escalation
[68302] Microsoft Windows win32k.sys privilege escalation
[68301] Microsoft Windows win32k.sys privilege escalation
[68300] Microsoft Windows win32k.sys privilege escalation
[68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
[68298] Microsoft Windows Bluetooth stack code execution
[68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
[68002] Microsoft Windows Media Player klite denial of service
[67989] Microsoft Windows tskill privilege escalation
[67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
[67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
[67942] Microsoft Windows Vector Markup Language (VML) code execution
[67795] Microsoft Windows Live Messenger dwmapi.dll code execution
[67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
[67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
[67758] Microsoft Windows MHTML information disclosure
[67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
[67756] Microsoft Windows Object Linking and Embedding WMF code execution
[67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
[67754] Microsoft Windows Ancillary Function Driver privilege escalation
[67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
[67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
[67750] Microsoft Windows Active Directory Certificate Services Web Enrollment cross-site scripting
[67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
[67748] Microsoft Windows SrvWriteConsoleOutputString privilege escalation
[67747] Microsoft Windows SrvWriteConsoleOutput privilege escalation
[67746] Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand privilege escalation
[67745] Microsoft Windows CSRSS SrvSetConsoleLocalEUDC privilege escalation
[67744] Microsoft Windows CSRSS AllocConsole privilege escalation
[67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
[67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
[67732] Microsoft Windows Win32k OTF code execution
[67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
[67730] Microsoft Windows Server Hyper-V VMBus denial of service
[67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
[67727] Microsoft Windows DFS denial of service
[67726] Microsoft Windows DFS code execution
[67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
[67724] Microsoft Windows SMB request denial of service
[67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
[67721] Microsoft Windows SMB responses code execution
[67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
[67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
[67520] Microsoft Windows Vista nsiproxy.sys denial of service
[67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
[67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
[67100] Microsoft Windows Windows Internet Name Service code execution
[66856] Microsoft Windows Media Player .avi buffer overflow
[66855] Microsoft Windows Media Player .ogg denial of service
[66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
[66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
[66835] Microsoft Windows and Internet Explorer msxml.dll information disclosure
[66639] Microsoft Windows XP afd.sys denial of service
[66469] Microsoft Windows Explorer Shmedia.dll denial of service
[66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
[66447] Microsoft Windows Messenger ActiveX control code execution
[66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
[66445] Microsoft Windows VBScript and Jscript code execution
[66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
[66443] Microsoft Windows SMB response code execution
[66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
[66441] Microsoft Windows DNS resolution code execution
[66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
[66439] Microsoft Windows SMB protocol code execution
[66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
[66437] Microsoft Windows OpenType buffer overflow
[66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
[66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
[66431] Microsoft Windows Fax Cover Page Editor code execution
[66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
[66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
[66427] Microsoft Windows GDI+ EMF code execution
[66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
[66424] Microsoft Windows kernel-mode driver (win32k.sys) variant 30 privilege escalation
[66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
[66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
[66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
[66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
[66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
[66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
[66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
[66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
[66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
[66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
[66413] Microsoft Windows kernel-mode driver (win32k.sys) variant 19 privilege escalation
[66412] Microsoft Windows kernel-mode driver (win32k.sys) variant 18 privilege escalation
[66411] Microsoft Windows kernel-mode driver (win32k.sys) variant 17 privilege escalation
[66410] Microsoft Windows kernel-mode driver (win32k.sys) variant 16 privilege escalation
[66409] Microsoft Windows kernel-mode driver (win32k.sys) variant 15 privilege escalation
[66408] Microsoft Windows kernel-mode driver (win32k.sys) variant 14 privilege escalation
[66407] Microsoft Windows kernel-mode driver (win32k.sys) variant 13 privilege escalation
[66406] Microsoft Windows kernel-mode driver (win32k.sys) variant 12 privilege escalation
[66405] Microsoft Windows kernel-mode driver (win32k.sys) variant 11 privilege escalation
[66404] Microsoft Windows kernel-mode driver (win32k.sys) variant 10 privilege escalation
[66403] Microsoft Windows kernel-mode driver (win32k.sys) variant 9 privilege escalation
[66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
[66401] Microsoft Windows kernel-mode driver (win32k.sys) variant 7 privilege escalation
[66400] Microsoft Windows kernel-mode driver (win32k.sys) variant 6 privilege escalation
[66399] Microsoft Windows kernel-mode driver (win32k.sys) variant 5 privilege escalation
[66398] Microsoft Windows kernel-mode driver (win32k.sys) variant 4 privilege escalation
[66397] Microsoft Windows kernel-mode driver (win32k.sys) variant 3 privilege escalation
[66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
[66395] Microsoft Windows kernel-mode driver (win32k.sys) variant 1 privilege escalation
[66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
[66312] Microsoft Windows Media Player .ape buffer overflow
[66254] Microsoft Windows certificates spoofing
[65972] Microsoft Windows mscorsvw.exe privilege escalation
[65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
[65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
[65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
[65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
[65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
[65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
[65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
[65567] Microsoft Windows RDC code execution
[65495] Microsoft Windows HID weak security
[65383] Microsoft Windows Graphics Rendering Engine height integer overflow
[65382] Microsoft Windows Graphics Rendering Engine BMP integer overflow
[65381] Microsoft Windows Graphics Rendering Engine biCompression buffer overflow
[65376] Microsoft Windows Server CIFS code execution
[65169] Microsoft Windows Azure information disclosure
[65000] Microsoft Windows MHTML information disclosure
[64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
[64972] Microsoft Windows LSASS privilege escalation
[64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
[64970] Microsoft Windows Win32k.sys privilege escalation
[64969] Microsoft Windows classpointer privilege escalation
[64968] Microsoft Windows pointer privilege escalation
[64967] Microsoft Windows Win32k.sys privilege escalation
[64966] Microsoft Windows Win32k.sys privilege escalation
[64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
[64926] Microsoft Windows kernel privilege escalation
[64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
[64921] Microsoft Windows Media Player and Windows Media Center DVR-MS code execution
[64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
[64919] Microsoft Windows VBScript and JScript information disclosure
[64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
[64917] Microsoft Windows CSRSS privilege escalation
[64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
[64915] Microsoft Windows Active Directory denial of service
[64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
[64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
[64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
[64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
[64906] Microsoft Windows OpenType Compact Font Format code execution
[64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
[64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
[64901] Microsoft Windows Kerberos spoofing
[64900] Microsoft Windows Kerberos checksum privilege escalation
[64837] Microsoft Windows Fax Cover Page Editor code execution
[64583] Microsoft Windows Neighbor Discovery (ND) protocol denial of service
[64474] Microsoft Windows Remote Access Phonebook code execution
[64446] Microsoft Windows Contacts DLL code execution
[64382] Microsoft Windows Graphics Rendering Engine buffer overflow
[64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
[64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
[64307] Microsoft Windows Windows Fax Cover Page Editor component buffer overflow
[63909] Microsoft Windows dynamic-linked library (oci.dll) code execution
[63816] Microsoft Windows Media Encoder 9 dynamic-linked library (DLL) code execution
[63807] Microsoft Windows Mail dynamic-linked library (wab32res.dll) code execution
[63803] Microsoft Windows Live Messenger dynamic-linked library (msgsres.dll) code execution
[63788] Microsoft Windows Backup dynamic-linked library (fveapi.dll) code execution
[63787] Microsoft Windows Internet Communication Settings dynamic-linked library (schannel.dll) code execution
[63779] Microsoft Windows Indeo Filter dynamic-linked library (iacenc.dll) code execution
[63776] Microsoft Windows Program Group Converter dynamic-linked library (DLL) code execution
[63773] Microsoft Windows Address Book dynamic-linked library (wab32res.dll) code execution
[63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
[63585] Microsoft Windows Netlogon denial of service
[63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
[63583] Microsoft Windows Movie Maker insecure library loading code execution
[63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
[63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
[63579] Microsoft Windows user mode privilege escalation
[63578] Microsoft Windows cursor privilege escalation
[63577] Microsoft Windows WriteAV privilege escalation
[63576] Microsoft Windows pointer privilege escalation
[63575] Microsoft Windows double free privilege escalation
[63574] Microsoft Windows kernel-mode drivers buffer overflow
[63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
[63572] Microsoft Exchange Server RPC denial of service
[63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
[63570] Microsoft Windows NDProxy buffer overflow
[63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
[63568] Microsoft Windows BranchCache code execution
[63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
[63565] Microsoft Windows Consent User Interface privilege escalation
[63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
[63563] Microsoft Windows Server Hyper-V VMBus denial of service
[63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
[63561] Microsoft Windows OpenType Font (OTF) CMAP code execution
[63560] Microsoft Windows OpenType Font (OTF) format driver code execution
[63559] Microsoft Windows OpenType Font (OTF) format driver code execution
[63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
[63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
[63549] Microsoft Windows Media Encoder code execution
[63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
[63547] Microsoft Windows Internet Signup code execution
[63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
[63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
[63538] Microsoft Windows Knowledge Base Article 968095 update is not installed
[63450] Microsoft Windows REG_BINARY privilege escalation
[62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
[62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
[62796] Microsoft Windows Task Scheduler privilege escalation
[62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
[62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
[62737] Microsoft WindowsTask Scheduler service privilege escalation
[62716] Microsoft Windows Mobile .vcf denial of service
[62643] Microsoft Windows unspecified privilege escalation
[62642] Microsoft Windows unspecified privilege escalation
[62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
[62169] Microsoft Windows Explorer buffer overflow
[62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
[62165] Microsoft Windows Failover Cluster Manager insecure permissions
[62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
[62162] Microsoft Windows Media Player RTSP code execution
[62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
[62153] Microsoft Windows OpenType Font fonts privilege escalation
[62152] Microsoft Windows OpenType Font privilege escalation
[62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
[62148] Microsoft Windows SChannel denial of service
[62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
[62143] Microsoft Windows Knowledge Base Article 982132 update is not installed
[62142] Microsoft Windows OpenType table code execution
[62138] Microsoft Windows Knowledge Base Article 981957 update is not installed
[62137] Microsoft Windows class privilege escalation
[62135] Microsoft Windows keyboard privilege escalation
[62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
[62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
[62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
[62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
[62125] Microsoft Windows Media Player code execution
[62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
[62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
[62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
[62103] Microsoft Windows LPC message privilege escalation
[62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
[62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
[62006] Microsoft Windows unspecified privilege escalation
[61994] Microsoft Windows MPEG Layer-3 Audio Decoder denial of service
[61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
[61518] Microsoft Windows CSRSS privilege escalation
[61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
[61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
[61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
[61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
[61506] Microsoft Windows Unicode Scripts Processor code execution
[61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
[61503] Microsoft Windows Print Spooler service code execution
[61501] Microsoft Windows Knowledge Base Article 975558 update is not installed
[61500] Microsoft Windows MPEG-4 code execution
[61499] Microsoft Windows Knowledge Base Article 982802 update is not installed
[61258] Microsoft Windows IcmpSendEcho2Ex denial of service
[61187] Microsoft Windows xxxRealDrawMenuItem() privilege escalation
[61184] Microsoft Windows win32k!GreStretchBltInternal() denial of service
[61129] Microsoft Windows Kerberos security bypass
[60975] Microsoft Windows CreateDIBPalette() buffer overflow
[60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
[60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
[60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
[60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
[60723] Microsoft Windows Knowledge Base Article 978886 update is not installed
[60722] Microsoft Windows TCP/IP input buffer privilege escalation
[60721] Microsoft WindowsTCP/IP IPv6 denial of service
[60719] Microsoft Windows Knowledge Base Article 980436 update is not installed
[60718] Microsoft Windows SChannel code execution
[60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
[60705] Microsoft Windows Knowledge Base Article 981852 update is not installed
[60704] Microsoft Windows kernel ACL denial of service
[60703] Microsoft Windows kernel errors privilege escalation
[60702] Microsoft Windows kernel threads privilege escalation
[60701] Microsoft Windows Knowledge Base Article 981997 update is not installed
[60700] Microsoft Windows Movie Maker code execution
[60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
[60697] Microsoft Windows kernel-mode drivers window privilege escalation
[60696] Microsoft Windows kernel-mode drivers input privilege escalation
[60695] Microsoft Windows kernel-mode drivers memory privilege escalation
[60694] Microsoft Windows kernel-mode drivers exception privilege escalation
[60693] Microsoft Windows kernel-mode drivers denial of service
[60692] Microsoft Windows Knowledge Base Article 982214 update is not installed
[60691] Microsoft Windows SMB stack denial of service
[60690] Microsoft Windows SMB variable denial of service
[60689] Microsoft Windows SMB pool code execution
[60688] Microsoft Windows Knowledge Base Article 982665 update is not installed
[60687] Microsoft Windows Cinepak Codec code execution
[60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
[60685] Microsoft Windows MPEG Layer-3 Codecs code execution
[60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
[60683] Microsoft Windows XML Core Services (MSXML) code execution
[60682] Microsoft Windows Knowledge Base Article 982799 update is not installed
[60681] Microsoft Windows Tracing Feature privilege escalation
[60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
[60679] Microsoft Windows registry key ACL privilege escalation
[60678] Microsoft Windows Service Isolation privilege escalation
[60677] Microsoft Windows Knowledge Base Article 983539 update is not installed
[60676] Microsoft Windows LSASS privilege escalation
[60422] Microsoft Windows .lnk file code execution
[60120] Microsoft Windows NtUserCheckAccessForIntegrityLevel() privilege escalation
[60095] Microsoft Windows UpdateFrameTitleForDocument() buffer overflow
[59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
[59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
[59895] Microsoft Windows Knowledge Base Article 978212 update is not installed
[59891] Microsoft Windows Knowledge Base Article 982335 update is not installed
[59447] Microsoft Windows Help and Support Center GetServerName cross-site scripting
[59267] Microsoft Windows helpctr.exe command execution
[58944] Microsoft Windows Knowledge Base Article 979902 update not installed
[58943] Microsoft Windows MJPEG code execution
[58942] Microsoft Windows media files code execution
[58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
[58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
[58887] Microsoft Windows kernel-mode drivers TrueType privilege escalation
[58885] Microsoft Windows Knowledge Base Article 980218 update is not installed
[58884] Microsoft Windows OpenType Compact Font Format privilege escalation
[58883] Microsoft Windows Knowledge Base Article 981343 update is not installed
[58871] Microsoft Windows Knowledge Base Article 982381 update is not installed
[58865] Microsoft Windows Knowledge Base Article 982666 update is not installed
[58863] Microsoft Windows Knowledge Base Article 983235 update is not installed
[58622] Microsoft Windows Canonical Display Driver (cdd.dll) code execution
[58345] Microsoft Windows SMTP Service query id spoofing
[58344] Microsoft Windows SMTP Service DNS spoofing
[58243] Microsoft Office SharePoint Server and Microsoft Windows SharePoint Services help.aspx cross-site scripting
[58173] Microsoft Windows Knowledge Base Article 978542 update is not installed
[58172] Microsoft Outlook Express and Windows Mail client integer overflow
[58171] Microsoft Windows Knowledge Base Article 978213 update is not installed
[58060] Microsoft Windows SfnINSTRING() privilege escalation
[58059] Microsoft Windows SfnLOGONNOTIFY() denial of service
[57601] Microsoft Windows kernel exceptions denial of service
[57600] Microsoft Windows kernel image file denial of service
[57599] Microsoft Windows kernel path denial of service
[57597] Microsoft Windows kernel registry keys denial of service
[57596] Microsoft Windows kernel symbolic links denial of service
[57595] Microsoft Windows kernel registry keys denial of service
[57580] Microsoft Windows Knowledge Base Article 981210 update is not installed
[57579] Microsoft Windows Cabinet File Viewer (cabview.dll) code execution
[57578] Microsoft Windows WinVerifyTrust signature validation code execution
[57380] Microsoft Windows Knowledge Base Article 979683 update is not installed
[57379] Microsoft Windows kernel symbolic link privilege escalation
[57378] Microsoft Windows kernel memory privilege escalation
[57377] Microsoft Windows Knowledge Base Article 979559 update is not installed
[57376] Microsoft Windows kernel-mode drivers windows privilege escalation
[57375] Microsoft Windows kernel-mode drivers objects privilege escalation
[57374] Microsoft Windows Knowledge Base Article 977816 update is not installed
[57372] Microsoft Windows Knowledge Base Article 978338 update is not installed
[57370] Microsoft Windows ISATAP IPv6 spoofing
[57343] Microsoft Windows Knowledge Base Article 979402 update is not installed
[57342] Microsoft Windows Media Player ActiveX control code execution
[57341] Microsoft Windows Knowledge Base Article 980094 update is not installed
[57337] Microsoft Windows Knowledge Base Article 980195 update is not installed
[57336] Microsoft Windows Knowledge Base Article 980232 update is not installed
[57335] Microsoft Windows SMB message code execution
[57334] Microsoft Windows SMB transaction responses code execution
[57333] Microsoft Windows SMB code execution
[57332] Microsoft Windows SMB memory privilege escalation
[57330] Microsoft Windows Knowledge Base Article 980858 update is not installed
[57329] Microsoft Windows Media Services info packets buffer overflow
[57328] Microsoft Windows Knowledge Base Article 981160 update is not installed
[57326] Microsoft Windows Knowledge Base Article 981169 update is not installed
[57325] Microsoft Windows Knowledge Base Article 981832 update is not installed
[57324] Microsoft Windows SMTP Service Simple Mail Transfer Protocol memory information disclosure
[57323] Microsoft Windows SMTP Service and Microsoft Exchange SMTP DNS Mail Exchanger (MX) denial of service
[57322] Microsoft Windows Knowledge Base Article 980182 update is not installed
[57205] Microsoft Windows Media Player .AVI code execution
[56853] Microsoft Windows MS HTML Help ActiveX control (hhctrl.ocx) HtmlHelpA() code execution
[56756] Microsoft Windows .ani file denial of service
[56591] Microsoft Windows API denial of service
[56560] Microsoft Windows winhlp32.exe buffer overflow
[56558] Microsoft Windows MsgBox() code execution
[56470] Microsoft Windows Knowledge Base Article 980150 update is not installed
[56461] Microsoft Windows Knowledge Base Article 975561 update is not installed
[56435] Microsoft Windows Media Player .mpg denial of service
[56218] Microsoft Windows DNS weak security
[55935] Microsoft Windows Knowledge Base Article 975713 update is not installed
[55934] Microsoft Windows Knowledge Base Article 978037 update is not installed
[55933] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) privilege escalation
[55932] Microsoft Windows Knowledge Base Article 978214 update is not installed
[55930] Microsoft Windows Knowledge Base Article 977935 update is not installed
[55928] Microsoft Windows Knowledge Base Article 978706 update is not installed
[55926] Microsoft Windows Knowledge Base Article 977894 update is not installed
[55925] Microsoft Windows Hyper-V instruction set denial of service
[55924] Microsoft Windows Knowledge Base Article 977377 update is not installed
[55923] Microsoft Windows Knowledge Base Article 977290 update is not installed
[55922] Microsoft Windows Kerberos Ticket-Granting-Ticket (TGT) denial of service
[55921] Microsoft Windows Knowledge Base Article 977165 update is not installed
[55920] Microsoft Windows kernel privilege escalation
[55917] Microsoft Windows Knowledge Base Article 978262 update is not installed
[55910] Microsoft Windows Knowledge Base Article 971468 update is not installed
[55909] Microsoft Windows SMB NTLM privilege escalation
[55908] Microsoft Windows SMB NULL denial of service
[55907] Microsoft Windows SMB denial of service
[55906] Microsoft Windows SMB pathname code execution
[55898] Microsoft Windows Knowledge Base Article 974145 update is not installed
[55897] Microsoft Windows TCP/IP SACK denial of service
[55896] Microsoft Windows TCP/IP Route Information code execution
[55895] Microsoft Windows TCP/IP stack datagram code execution
[55894] Microsoft Windows TCP/IP ICMPv6 code execution
[55890] Microsoft Windows Knowledge Base Article 975416 update is not installed
[55779] Microsoft Windows Knowledge Base Article 978207 update is not installed
[55742] Microsoft Windows #GP trap handler privilege escalation
[55680] Microsoft Windows Media Player ActiveX control code execution
[55560] Microsoft Windows XP Flash Player code execution
[55153] Microsoft Windows Knowledge Base Article 978251 update is not installed
[55152] Microsoft Windows Server Message Block client code execution
[55151] Microsoft Windows Server Message Block pool code execution
[55150] Microsoft Windows Knowledge Base Article 972270 update is not installed
[55149] Microsoft Windows EOT font buffer overflow
[54645] Microsoft Internet Explorer and Windows Media player Intel Indeo codec code execution
[54644] Microsoft Internet Explorer and Windows Media player Intel Indeo codec code execution
[54643] Microsoft Internet Explorer and Windows Media player Intel Indeo41 codec buffer overflow
[54642] Microsoft Internet Explorer and Windows Media player Intel Indeo41 codec buffer overflow
[54445] Microsoft Windows Knowledge Base Article 975539 update is not installed
[54443] Microsoft Windows Knowledge Base Article 974392 update is not installed
[54442] Microsoft Windows Local Security Authority Subsystem Service (LSASS) denial of service
[54440] Microsoft Windows Knowledge Base Article 974318 update is not installed
[54439] Microsoft Windows Internet Authentication Service (IAS) privilege escalation
[54438] Microsoft Windows Internet Authentication Service (IAS) code execution
[54427] Microsoft Windows Knowledge Base Article 971726 update is not installed
[54426] Microsoft Windows Active Directory Federation Services (ADFS) code execution
[54425] Microsoft Windows Active Directory Federation Services (ADFS) spoofing
[54424] Microsoft Windows Knowledge Base Article 967183 update is not installed
[54422] Microsoft Windows Knowledge Base Article 976325 update is not installed
[54217] Microsoft Windows KeAccumulateTicks() denial of service
[54012] Microsoft Windows Knowledge Base Article 972652 update is not installed
[53991] Microsoft Windows Knowledge Base Article 973309 update is not installed
[53990] Microsoft Windows ADAM LDAP denial of service
[53986] Microsoft Windows Knowledge Base Article 973565 update is not installed
[53985] Microsoft Windows WSDAPI code execution
[53981] Microsoft Windows Knowledge Base Article 974783 update is not installed
[53980] Microsoft Windows 2000 License Logging Server buffer overflow
[53977] Microsoft Windows Knowledge Base Article 976307 update is not installed
[53975] Microsoft Windows Knowledge Base Article 969947 update is not installed
[53974] Microsoft Windows kernel font code execution
[53973] Microsoft Windows kernel GDI privilege escalation
[53972] Microsoft Windows kernel NULL pointer privilege escalation
[53551] Microsoft Windows Knowledge Base Article KB973525 update is not installed
[53550] Microsoft Windows Knowledge Base Article 974112 update is not installed
[53549] Microsoft Windows Media Player ASF file buffer overflow
[53548] Microsoft Windows Knowledge Base Article 971486 update is not installed
[53547] Microsoft Windows kernel exception handler denial of service
[53546] Microsoft Windows kernel user mode privilege escalation
[53545] Microsoft Windows kernel 64-bit truncation privilege escalation
[53544] Microsoft Windows Knowledge Base Article 974455 update is not installed
[53541] Microsoft Windows Knowledge Base Article 969059 update is not installed
[53540] Microsoft Windows Indexing Service ActiveX control code execution
[53537] Microsoft Windows Knowledge Base Article 974571 update is not installed
[53536] Microsoft Windows CryptoAPI ASN.1 spoofing
[53535] Microsoft Windows CryptoAPI NULL spoofing
[53534] Microsoft Windows Knowledge Base Article 975254 update is not installed
[53533] Microsoft Windows Knowledge Base Article 957488 update is not installed
[53531] Microsoft Windows GDI+ Microsoft Office file code execution
[53530] Microsoft Windows GDI+ PNG image code execution
[53529] Microsoft Windows GDI+ .NET Framework API code execution
[53528] Microsoft Windows GDI+ TIFF image code execution
[53527] Microsoft Windows GDI+ TIFF image buffer overflow
[53526] Microsoft Windows GDI+ PNG image buffer overflow
[53525] Microsoft Windows GDI+ WMF image code execution
[53522] Microsoft Windows Knowledge Base Article 975517 update is not installed
[53517] Microsoft Windows Knowledge Base Article 975682 update is not installed
[53516] Microsoft Windows Media Player audio files code execution
[53514] Microsoft Windows Media Player ASF code execution
[53512] Microsoft Windows Knowledge Base Article 975467 update is not installed
[53511] Microsoft Windows Local Security Authority Subsystem Service (LSASS) denial of service
[53090] Microsoft Windows srv2.sys code execution
[52948] Microsoft Windows Knowledge Base Article 973965 update is not installed
[52775] Microsoft Windows Knowledge Base Article 973812 update is not installed
[52774] Microsoft Windows Media Format MP3 files code execution
[52773] Microsoft Windows Media Format ASF files code execution
[52771] Microsoft Windows Knowledge Base Article 971961 update is not installed
[52770] Microsoft Windows Jscript code execution
[52403] Microsoft Windows OpenType font engine denial of service
[52137] Microsoft Windows Knowledge Base Article 969706 update is not installed
[52131] Microsoft Windows Knowledge Base Article 972260 update is not installed
[52128] Microsoft Windows Knowledge Base Article 967723 update is not installed
[52127] Microsoft Windows TCP/IP orphaned connections denial of service
[52126] Microsoft Windows TCP/IP timestamps code execution
[52117] Microsoft Windows Knowledge Base Article 970927 update is not installed
[52116] Microsoft Windows RDP Services Client ActiveX control buffer overflow
[52115] Microsoft Windows Remote Desktop Connection RDP buffer overflow
[52114] Microsoft Windows Knowledge Base Article 970957 update is not installed
[52113] ASP.NET Framework component of Microsoft Windows HTTP denial of service
[52111] Microsoft Windows Knowledge Base Article 969883 update is not installed
[52110] Microsoft Windows Windows Internet Name Service (WINS) replication partner buffer overflow
[52109] Microsoft Windows Windows Internet Name Service (WINS) replication buffer overflow
[52108] Microsoft Windows Knowledge Base Article 960859 update is not installed
[52107] Microsoft Windows Knowledge Base Article 971032 update is not installed
[52104] Microsoft Windows telnet privilege escalation
[52103] Microsoft Windows Knowledge Base Article 956844 update is not installed
[52102] Microsoft Windows DHTML Editing Component ActiveX control code execution
[52097] Microsoft Windows Knowledge Base Article 971557 update is not installed
[52096] Microsoft Windows AVI validation integer overflow
[52095] Microsoft Windows AVI code execution
[52093] Microsoft Windows Knowledge Base Article 971657 update is not installed
[52089] Microsoft Windows Knowledge Base Article 973908 update is not installed
[51636] Microsoft Windows Knowledge Base Article KB973346 update is not installed
[51471] Microsoft Windows Knowledge Base Article 970811 update is not installed
[51469] Microsoft Windows Knowledge Base Article 970710 update is not installed
[51468] Microsoft Windows Wireless LAN AutoConfig service buffer overflow
[51465] Microsoft Windows Knowledge Base Article 969856 update is not installed
[51463] Microsoft Windows Knowledge Base Article 971633 update is not installed
[51462] Microsoft Windows Knowledge Base Article 969516 update is not installed
[51457] Microsoft Windows Knowledge Base Article 957638 update is not installed
[51097] Microsoft Windows atapi.sys privilege escalation
[51034] Microsoft PowerPoint Freelance Windows buffer overflow
[50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
[50903] Microsoft Windows SPI_SETDESKWALLPAPER SystemParametersInfo denial of service
[50826] Microsoft Windows Knowledge Base Article 969898 update is not installed
[50798] Microsoft Windows Knowledge Base Article 970238 update is not installed
[50795] Microsoft Windows Knowledge Base Article 969514 update is not installed
[50791] Microsoft Windows Knowledge Base Article 969462 update is not installed
[50783] Microsoft Windows Knowledge Base Article 968537 update is not installed
[50782] Microsoft Windows desktop parameter privilege escalation
[50781] Microsoft Windows system call privilege escalation
[50780] Microsoft Windows kernel pointer privilege escalation
[50779] Microsoft Windows kernel kernel objects privilege escalation
[50778] Microsoft Windows Knowledge Base Article 963093 update is not installed
[50777] Microsoft Windows Search weak security
[50776] Microsoft Windows Knowledge Base Article 969897 update is not installed
[50768] Microsoft Windows Knowledge Base Article 970483 update is not installed
[50767] Microsoft Windows Knowledge Base Article 971055 update is not installed
[50766] Microsoft Windows Knowledge Base Article 961501 update is not installed
[50765] Microsoft Windows Print Spooler service privilege escalation
[50763] Microsoft Windows Print Spooler service buffer overflow
[50762] Microsoft Windows Knowledge Base Article 961371 update is not installed
[50761] Microsoft Windows Active Directory LDAP denial of service
[50760] Microsoft Windows Embedded OpenType (EOT) integer overflow
[50759] Microsoft Windows 2000 Active Directory LDAP code execution
[50758] Microsoft Windows EOT buffer overflow
[50757] Microsoft Windows Knowledge Base Article 957632 update is not installed
[50391] Microsoft Windows Media Player MID file denial of service
[50281] Microsoft Windows Knowledge Base Article 967340 update is not installed
[50129] Microsoft Windows gdiplus.dll PNG denial of service
[49598] Microsoft Windows Knowledge Base Article 959426 update is not installed
[49588] Microsoft Windows Knowledge Base Article 960477 update is not installed
[49586] Microsoft Windows Knowledge Base Article 959454 update is not installed
[49584] Microsoft Windows Threadpool ACL privilege escalation
[49578] Microsoft Windows WMI privilege escalation
[49570] Microsoft Windows Knowledge Base Article 961759 update is not installed
[49569] Microsoft Windows Knowledge Base Article 960803 update is not installed
[49566] Microsoft Windows HTTP services certificate spoofing
[49562] Microsoft Windows HTTP services integer underflow
[49560] Microsoft Windows Knowledge Base Article 961373 update is not installed
[49558] Microsoft Windows Knowledge Base Article 963027 update is not installed
[49547] Microsoft Windows Knowledge Base Article 968557 update is not installed
[49438] Microsoft Windows GDI+ EMF EmfPlusFont Object denial of service
[49435] Microsoft Windows unlzh.c and unpack.c gzip code execution
[49079] Microsoft Windows DNS server memory leak denial of service
[48909] Microsoft Windows Knowledge Base Article 962238 update is not installed
[48908] Microsoft Windows WINS server WPAD and ISATAP registration Web proxy spoofing
[48907] Microsoft Windows DNS server WPAD registration Web proxy spoofing
[48906] Microsoft Windows DNS server cache response spoofing
[48905] Microsoft Windows DNS server query response spoofing
[48392] Microsoft Windows I/O information disclosure
[48326] Microsoft Windows Knowledge Base Article 960715 update is not installed
[48312] Microsoft Windows Knowledge Base Article 959420 update is not installed
[48311] Microsoft Windows Knowledge Base Article 961260 update not installed
[48308] Microsoft Windows Knowledge Base Article 960225 update is not installed
[48307] Microsoft Windows SChannel certificate spoofing
[48302] Microsoft Windows Knowledge Base Article 957634 update not installed
[48301] Microsoft Windows Knowledge Base Article 958690 update is not installed
[48300] Microsoft Windows kernel pointer validation privilege escalation
[48299] Microsoft Windows kernel handle validation privilege escalation
[48298] Microsoft Windows kernel GDI validation code execution
[48295] Microsoft Windows Knowledge Base Article 974378 update not installed
[48189] Microsoft Windows AutoRun feature enabled
[47867] Microsoft Windows .CHM file denial of service
[47760] Microsoft Windows Media Player WAV file code execution
[47676] Microsoft Windows Knowledge Base Article 958687 update not installed
[47674] Microsoft Windows SMB NT Trans2 request code execution
[47673] Microsoft Windows SMB NT Trans request buffer overflow
[47672] Microsoft Windows Knowledge Base Article 959239 update not installed
[47664] Microsoft Windows Media Player WAV or SND file denial of service
[47428] Microsoft Windows Knowledge Base Article 960714 update is not installed
[46870] Microsoft Windows Knowledge Base Article 959807 update is not installed
[46869] Microsoft Windows Media Components ISATAP information disclosure
[46868] Microsoft Windows Media Components SPN NTLM credentials code execution
[46867] Microsoft Windows Knowledge Base Article 959349 update is not installed
[46866] Microsoft Windows search-ms protocol code execution
[46865] Microsoft Windows saved search file code execution
[46864] Microsoft Windows Knowledge Base Article 959070 update is not installed
[46861] Microsoft Windows Knowledge Base Article 958215 update not installed
[46856] Microsoft Windows Knowledge Base Article 957175 update is not installed
[46853] Microsoft Windows Knowledge Base Article 957173 update not installed
[46844] Microsoft Windows Knowledge Base Article 956802 update is not installed
[46843] Microsoft Windows GDI WMF image file buffer overflow
[46842] Microsoft Windows GDI WMF image file integer overflow
[46742] Microsoft Windows Vista iphlpapi.dll buffer overflow
[46670] Microsoft Communicator, Office Communications Server (OCS) and Windows Live Messenger RTCP unspecified denial of service
[46506] Microsoft Windows UnhookWindowsHookEx() denial of service
[46385] Microsoft Windows Media Player MIDI or DAT file denial of service
[46194] Microsoft Windows Knowledge Base Article 957097 update is not installed
[46191] Microsoft Windows SMB NTLM credentials code execution
[46190] Microsoft Windows Knowledge Base Article 932349 update is not installed
[46188] Microsoft Visual Basic Windows Common ActiveX control AVI buffer overflow
[46102] Microsoft Windows 2003 SP2 is not installed on the system
[46101] Microsoft Windows 2003 SP1 is not installed on the system
[46100] Microsoft Windows XP Service Pack 3 is not installed on the system
[46099] Microsoft Windows XP Service Pack 1 is not installed on the system
[46042] Microsoft Windows Knowledge Base Article 958644 update not installed
[45857] Microsoft Windows Mobile HTC Hermes device security bypass
[45719] Microsoft Windows Vista page faults denial of service
[45586] Microsoft Windows Knowledge Base Article 957280 update is not installed
[45585] Microsoft Windows Active Directory LDAP search buffer overflow
[45582] Microsoft Windows Knowledge Base Article 956803 update is not installed
[45581] Microsoft Windows Knowledge Base Article 956416 update is not installed
[45578] Microsoft Windows Ancillary Function Driver privilege escalation
[45572] Microsoft Windows Knowledge Base Article 9556841 update is not installed
[45571] Microsoft Windows Memory Manager Virtual Address Descriptors privilege escalation
[45565] Microsoft Windows Knowledge Base Article 956390 update is not installed
[45561] Microsoft Windows Knowledge Base Article 957095 update is not installed
[45560] Microsoft Windows SMB file name buffer underflow
[45557] Microsoft Windows Knowledge Base Article 955218 update is not installed
[45550] Microsoft Windows Knowledge Base Article 957699 update is not installed
[45548] Microsoft Windows Knowledge Base Article 953155 update is not installed
[45545] Microsoft Windows Internet Printing Protocol code execution
[45544] Microsoft Windows Knowledge Base Article 954211 update is not installed
[45543] Microsoft Windows kernel input privilege escalation
[45542] Microsoft Windows kernel system calls privilege escalation
[45541] Microsoft Windows kernel new window privilege escalation
[45538] Microsoft Windows Knowledge Base Article 951071 update is not installed
[45537] Microsoft Message Queuing RPC code execution
[45464] Microsoft Windows XP GDI+ .ICO denial of service
[45463] Microsoft Windows Mobile bluetooth device name denial of service
[45209] Microsoft Windows Media Player installed
[45146] Microsoft Windows WRITE_ANDX SMB packet denial of service
[45015] Microsoft Windows Image Aquisition Logger ActiveX control file overwrite
[44727] Microsoft Windows Knowledge Base Article 956391 update not installed
[44716] Microsoft Windows Knowledge Base Article 954593 update not installed
[44715] Microsoft Windows GDI+ BMP header buffer overflow
[44714] Microsoft Windows GDI+ WMF buffer overflow
[44713] Microsoft Windows GDI+ GIF index parsing buffer overflow
[44711] Microsoft Windows GDI+ EMF code execution
[44710] Microsoft Windows GDI+ VML gradient buffer overflow
[44708] Microsoft Windows Knowledge Base Article 955047 update not installed
[44705] Microsoft Windows Knowledge Base Article 956695 update not installed
[44704] Microsoft Host Integration Server SNA RPC code execution
[44703] Microsoft Windows Knowledge Base Article 954156 update not installed
[44700] Microsoft Windows Media Encoder wmex.dll ActiveX control buffer overflow
[44625] Microsoft Windows ATL Load() code execution
[44423] Microsoft Windows nslookup.exe code execution
[44106] Microsoft Windows Knowledge Base Article 953839 update not installed
[44099] Microsoft Windows Knowledge Base Article 953838 update not installed
[44092] Microsoft Windows Knowledge Base Article 954066 update not installed
[44087] Microsoft Windows Knowledge Base Article 953733 update not installed
[44086] Microsoft Windows IPSec policy information disclosure
[44085] Microsoft Windows Knowledge Base Article 952954 update not installed
[44083] Microsoft Windows Knowledge Base Article 954154 update not installed
[44082] Microsoft Windows Media Player sampling rate SSPL buffer overflow
[44081] Microsoft Windows Knowledge Base Article 955048 update not installed
[44080] Microsoft Windows Knowledge Base Article 955617 update not installed
[44079] Microsoft Windows Knowledge Base Article 950974 update not installed
[43340] Microsoft Windows Knowledge Base Article 950582 update not installed
[43339] Microsoft Windows Explorer saved search file code execution
[43336] Microsoft Windows Knowledge Base Article 953230 update not installed
[43335] Microsoft Windows DNS Server cache poisoning
[43330] Microsoft Windows Knowledge Base Article 953747 update not installed
[42887] Microsoft Windows Installer msiexec.exe GUID buffer overflow
[42765] Apple Safari Microsoft Windows code execution
[42701] Microsoft Windows Knowledge Base Article 950760 update not installed
[42699] Microsoft Windows Vista speech recognition (sapi.dll) command execution
[42697] Microsoft Windows Knowledge Base Article 950762 update not installed
[42696] Microsoft Windows PGM fragment option denial of service
[42695] Microsoft Windows PGM option length denial of service
[42693] Microsoft Windows Knowledge Base Article 950759 update not installed
[42691] Microsoft Windows Knowledge Base Article 949785 update not installed
[42689] Microsoft Windows Knowledge Base Article 951066 update not installed bluetooth
[42685] Microsoft Windows Knowledge Base Article 951376 update not installed
[42684] Microsoft Windows Knowledge Base Article 948745 update not installed
[42682] Microsoft Windows Bluetooth SDP code execution
[42677] Microsoft Windows Knowledge Base Article 955702 update not installed
[42676] Microsoft Windows Messenger ActiveX control information disclosure
[42675] Microsoft Windows Knowledge Base Article 951698 update not installed
[42674] Microsoft Windows DirectX SAMI buffer overflow
[42672] Microsoft Windows Knowledge Base Article 953235 update not installed
[42668] Microsoft Windows Active Directory LDAP request denial of service
[42358] Microsoft Windows I2O Utility Filter driver (i2omgmt.sys) code execution
[42334] Microsoft Windows CE JPEG and GIF code execution
[42109] Microsoft Windows Knowledge Base Article 952044 update not installed
[42103] Microsoft Windows Knowledge Base Article 951208 update not installed
[42101] Microsoft Windows Knowledge Base Article 951207 update not installed
[42095] Microsoft Windows Knowledge Base Article 950749 update not installed
[41880] Microsoft Windows MSDTC privilege escalation
[41481] Microsoft Windows Knowledge Base Article 945553 update not installed
[41480] Microsoft Windows DNS client spoofing
[41477] Microsoft Windows Knowledge Base Article 947864 update not installed
[41473] Microsoft Windows Knowledge Base Article 948590 update not installed
[41472] Microsoft Windows GDI EMF filename parameter buffer overflow
[41471] Microsoft Windows GDI EMF and WMF header buffer overflow
[41470] Microsoft Windows Knowledge Base Article 941693 update not installed
[41469] Microsoft Windows kernel usermode privilege escalation
[41465] Microsoft Windows Knowledge Base Article 948881 update not installed
[41463] Microsoft Windows Knowledge Base Article 941203 update not installed
[41453] Microsoft Windows Knowledge Base Article 949032 update not installed
[41448] Microsoft Windows Knowledge Base Article 950183 update not installed
[41349] Microsoft Windows AutoPlay NoDriveTypeAutoRun weak security
[40937] Microsoft Windows Knowledge Base Article 815495 update not installed
[40889] Microsoft Windows Knowledge Base Article 949030 update not installed
[40886] Microsoft Windows Knowledge Base Article 949031 update not installed
[40879] Microsoft Windows Knowledge Base Article 949029 update not installed
[40693] Microsoft Windows Video Controller ActiveX Library for streaming video (msvidctl.dll) buffer overflow
[40103] Microsoft Windows Knowledge Base Article 946538 update not installed
[40102] Microsoft Windows Active Directory LDAP request denial of service
[40101] Microsoft Windows Knowledge Base Article 947077 update not installed
[40099] Microsoft Windows Knowledge Base Article 946456 update not installed
[40098] Microsoft Windows Vista DHCP denial of service
[40097] Microsoft Windows Knowledge Base Article 947081 update not installed
[40094] Microsoft Windows Knowledge Base Article 947085 update not installed
[40091] Microsoft Windows Knowledge Base Article 944533 update not installed
[40078] Microsoft Windows Knowledge Base Article 947108 update not installed
[40063] Microsoft Windows Knowledge Base Article 946026 update not installed
[40062] Microsoft Windows WebDAV Mini-Redirector buffer overflow
[40059] Microsoft Windows Knowledge Base Article 944338 update not installed
[40056] Microsoft Windows VBScript and JScript engines code execution
[40048] Microsoft Windows Knowledge Base Article 947890 update not installed
[40043] Microsoft Windows OLE script request buffer overflow
[39453] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) MLDv2 buffer overflow
[39452] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) IGMPv3 buffer overflow
[39254] Microsoft Windows TCP/IP ICMP denial of service
[39238] Microsoft Windows Knowledge Base Article 941644 update not installed
[39237] Microsoft Windows Knowledge Base Article 942831 update not installed
[39236] Microsoft Windows Knowledge Base Article 943485 update not installed
[39233] Microsoft Windows LSASS LPC privilege escalation
[39232] Microsoft Windows Knowledge Base Article 942830 update not installed
[39052] Microsoft Windows DirectX MJPEG decoder code execution
[38865] Cisco Security Agent for Microsoft Windows SMB buffer overflow
[38850] Microsoft Windows CryptGenRandom information disclosure
[38830] Microsoft Windows Media File Format Stream Property error correction buffer overflow
[38829] Microsoft Windows Media File Format Stream Property error correction and type-specific buffer overflow
[38828] Microsoft Windows Media File Format audio_conceal_none buffer overflow
[38827] Microsoft Windows Media File Format Degradable JPEG Media Stream buffer overflow
[38797] Microsoft Windows Media Player AIFF denial of service
[38730] Microsoft Windows Knowledge Base Article 943078 update not installed
[38729] Microsoft Windows Vista kernel ALPC privilege escalation
[38728] Microsoft Windows Knowledge Base Article 944653 update not installed
[38726] Microsoft Windows Knowledge Base Article 942624 update not installed
[38725] Microsoft Windows Vista SMBv2 signing code execution
[38723] Microsoft Windows Knowledge Base Article 941568 update not installed
[38717] Microsoft Windows Knowledge Base Article 942615 update not installed
[38711] Microsoft Windows Knowledge Base Article 941569 update not installed
[38315] Microsoft Windows Knowledge Base Article 943460 update not installed
[37284] Microsoft Windows Macrovision secdrv.sys driver buffer overflow
[37249] Microsoft Windows Mobile SMS sender field obfuscation
[37226] Microsoft Windows Knowledge Base Article 815495 update not installed
[36980] Microsoft Windows Explorer PNG file denial of service
[36961] Microsoft Windows Explorer extended attributes multiple buffer overflows
[36819] Microsoft Windows Knowledge Base Article 939653 update not installed
[36812] Microsoft Windows Knowledge Base Article 941202 update not installed
[36811] Microsoft Outlook Express and Windows Mail NNTP response code execution
[36807] Microsoft Windows Knowledge Base Article 933729 update not installed
[36806] Microsoft Windows Knowledge Base Article 941672 update not installed
[36805] Microsoft Windows DNS spoofing information disclosure
[36804] Microsoft Windows Knowledge Base Article 942695 update not installed
[36800] Microsoft Windows Knowledge Base Article 923810 update not installed
[36799] Microsoft Windows Kodak image Viewer code execution
[36662] Microsoft Windows Media Player meta file security bypass
[36608] Microsoft Windows MFC ActiveX FindFile() buffer overflow
[36490] Microsoft Windows Knowledge Base Article 942099 update not installed
[36381] Microsoft Windows Knowledge Base Article 939778 update not installed
[36378] Microsoft Windows UNIX services setuid binary privilege escalation
[36376] Microsoft Windows Knowledge Base Article 941522 update not installed
[35919] Microsoft Windows VML detected
[35902] Microsoft Windows process scheduler denial of service
[35897] Microsoft Windows Vista Weather Gadget code execution
[35895] Microsoft Windows Media Player skin decompression code execution
[35886] Microsoft Windows ARP request denial of service
[35878] Microsoft Windows Media Player .AU file denial of service
[35853] Microsoft Windows Vista kernel unspecified vulnerability
[35816] Microsoft Windows Knowledge Base Article 940965 update not installed
[35802] Microsoft Windows Vista Calendar ICS denial of service
[35771] Microsoft Windows Vista Contacts Gadget code execution
[35770] Microsoft Windows Vista Feed Headlines Gadget code execution
[35766] Microsoft Windows Knowledge Base Article 937894 update not installed
[35762] Microsoft Windows Knowledge Base Article 938127 update not installed
[35761] Microsoft Windows VML vgx.dll buffer overflow
[35760] Microsoft Windows Knowledge Base Article 937143 update not installed
[35753] Microsoft Windows Knowledge Base Article 938827 update not installed
[35746] Microsoft Windows Knowledge Base Article 938829 update not installed
[35745] Microsoft Windows GDI WMF image code execution
[35742] Microsoft Windows Knowledge Base Article 936782 update not installed
[35741] Microsoft Windows Media Player skin parsing buffer overflow
[35739] Microsoft Windows Knowledge Base Article 942017 update not installed
[35582] Microsoft Windows URI protocol handling command execution
[35538] Microsoft Windows Explorer GIF denial of service
[35397] Microsoft Windows Vista USER32.DLL denial of service
[35322] Microsoft Windows Vista firewall information disclosure
[35219] Microsoft Windows Knowledge Base Article 936542 update is not installed
[35216] Microsoft Windows Knowledge Base Article 933103 update not installed
[35206] Microsoft Windows Knowledge Base Article 939373 update is not installed
[35202] Microsoft Windows Knowledge Base Article 935807 update not installed
[35199] Microsoft Windows Knowledge Base Article 936227 update not installed
[35190] Microsoft Windows Knowledge Base Article 936548 update not installed
[35183] Microsoft Windows Knowledge Base Article 937986 update not installed
[35181] Microsoft Windows Knowledge Base Article 926122 update is not installed
[35180] Microsoft Windows Active Directory LDAP denial of service
[35179] Microsoft Windows Active Directory LDAP attribute buffer overflow
[35059] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) multiple buffer overflows
[34743] Microsoft Windows GDI+ denial of service
[34648] Microsoft Windows Knowledge Base Article 935839 update not installed
[34645] Microsoft Windows Win32 API code execution
[34642] Microsoft Windows Knowledge Base Article 935840 update not installed
[34640] Microsoft Windows Knowledge Base Article 931212 update not installed .NET
[34636] Microsoft Windows Schannel code execution
[34634] Microsoft Windows Server 2003 Active Directory information disclosure
[34633] Microsoft Windows Knowledge Base Article 933566 update not installed
[34624] Microsoft Windows Knowledge Base Article 929123 update not installed
[34623] Microsoft Windows MHTML Content-Disposition information disclosure
[34622] Microsoft Windows MHTML URL redirect information disclosure
[34618] Microsoft Windows Vista ACL user credentials information disclosure
[34611] Microsoft Windows Knowledge Base Article 927051 update not installed
[34599] Microsoft Windows Server 2003 terminal server security bypass
[34444] Microsoft Windows unspecified code execution
[34032] Microsoft Windows Knowledge Base Article 935966 update not installed
[33959] Microsoft Windows Virtual DOS Machine (VDM) VdmpInitialize privilege escalation
[33916] Microsoft Windows Knowledge Base Article 934233 update not installed
[33909] Microsoft Windows Knowledge Base Article 934873 update not installed
[33902] Microsoft Windows Knowledge Base Article 934232 update not installed
[33891] Microsoft Windows Knowledge Base Article 931832 update not installed
[33667] Microsoft Windows unspecified buffer overflow
[33473] Microsoft Windows dynamic DNS update unauthorized access
[33410] Microsoft Windows Vista LLTD Mapper host spoofing
[33409] Microsoft Windows Vista LLTD Mapper bridge spoofing
[33401] Microsoft Windows Vista LLTD Responder host spoofing
[33399] Microsoft Windows Vista LLTD Mapper denial of service
[33398] Microsoft Windows Vista Teredo address weak security
[33396] Microsoft Windows Vista Meeting Space weak security
[33395] Microsoft Windows Vista nonce spoofing
[33394] Microsoft Windows Vista Neighbor Advertisements spoofing
[33393] Microsoft Windows Vista ARP denial of service
[33301] Microsoft Windows animated cursor (ANI) buffer overflow
[33300] Microsoft Windows Vista atikmdag.sys slideshow denial of service
[33272] Microsoft Windows Vista CSRSS CsrFinalizeContext privilege escalation
[33271] Microsoft Windows Knowledge Base Article 931784 update not installed
[33270] Microsoft Windows kernel VDM mapped memory privilege escalation
[33269] Microsoft Windows Knowledge Base Article 931261 update not installed
[33268] Microsoft Windows Universal Plug and Play HTTP buffer overflow
[33267] Microsoft Windows Knowledge Base Article 932168 update not installed
[33266] Microsoft Windows Knowledge Base Article 925902 update not installed
[33264] Microsoft Windows TrueType Fonts rasterizer privilege escalation
[33263] Microsoft Windows GDI color parameter buffer overflow
[33261] Microsoft Windows GDI window size privilege escalation
[33259] Microsoft Windows GDI EMF image buffer overflow
[33258] Microsoft Windows GDI WMF image denial of service
[33257] Microsoft Windows Knowledge Base Article 931768 update not installed
[33244] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) information disclosure
[33225] Microsoft Windows Media File Format ASF multiple buffer overflows
[33167] Microsoft Windows Vista Mail Client code execution
[33118] Microsoft Windows XP winmm.dll denial of service
[33117] Microsoft Windows MFC AfxOleSetEditMenu() buffer overflow
[33086] Microsoft Windows Ndistapi.sys driver denial of service
[33037] Microsoft Windows Explorer WMF file denial of service
[32921] Microsoft Windows ole32.dll library denial of service
[32808] Microsoft Windows Shell User Logon ActiveX control shgina.dll unauthorized access
[32740] Microsoft Windows Knowledge Base Article 931906 update not installed
[32738] Microsoft Windows Knowledge Base Article 925939 update not installed
[32644] Microsoft Windows ReadDirectoryChangesW information disclosure
[32419] Microsoft Windows Knowledge Base Article 932554 update not installed
[32394] Microsoft Windows Mobile Internet Explorer WML page denial of service
[32282] Microsoft Windows Knowledge Base Article 927802 update not installed
[32280] Microsoft Windows Image Acquisition service buffer overflow
[32153] Microsoft Windows permanent password detected
[32116] Microsoft Windows administrator password no expiration set
[32111] Microsoft Windows Knowledge Base Article 928255 update not installed
[32110] Microsoft Windows Knowledge Base Article 928843 update not installed
[32109] Microsoft Windows HTML Help ActiveX control code execution
[32108] Microsoft Windows shell new hardware detection privilege escalation
[32107] Microsoft Windows Knowledge Base Article 928090 update not installed
[32104] Microsoft Windows Knowledge Base Article 929434 update not installed
[32090] Microsoft Windows Knowledge Base Article 927779 update not installed
[32071] Microsoft Windows Explorer AVI file denial of service
[32002] Microsoft Windows Mobile Pictures and Videos JPEG denial of service
[32001] Microsoft Windows Mobile Internet Explorer unspecified denial of service
[31845] Microsoft Windows user account never used
[31844] Microsoft Windows guest user account unchanged
[31843] Microsoft Windows built-in guest account enumerated
[31842] Microsoft Windows user account password unchanged
[31821] Microsoft Windows time zone update for year 2007
[31288] Microsoft Windows Knowledge Base Article 929969 update not installed
[31264] Microsoft Windows Knowledge Base Article 930178 update not installed
[31210] Microsoft Windows Knowledge Base Article 927198 update is not installed
[31199] Microsoft Windows Knowledge Base Article 921585 update is not installed
[31191] Microsoft Windows Knowledge Base Article 925938 update is not installed
[31176] Microsoft Windows CSRSS NtRaiseHardError() information disclosure
[31085] Microsoft Windows Workstation service NetrWkstaUserEnum denial of service
[31018] Microsoft Windows CSRSS MessageBox function privilege escalation
[31015] Microsoft Windows Explorer WMV file denial of service
[31014] Microsoft Windows Media Player MIDI file denial of service
[31008] Microsoft Windows XP directory weak permission
[30757] Microsoft Windows Knowledge Base Article 926121 update not installed
[30756] Microsoft Windows Remote Installation Service code execution
[30717] Microsoft Windows Print Spooler denial of service
[30610] Microsoft Windows Knowledge Base Article 926436 update not installed
[30608] Microsoft Windows Knowledge Base Article 926255 update not installed
[30607] Microsoft Windows file manifest privilege escalation
[30606] Microsoft Windows Knowledge Base Article 926247 update not installed
[30605] Microsoft Windows SNMP service buffer overflow
[30604] Microsoft Windows Knowledge Base Article 925454 update not installed
[30599] Microsoft Windows Knowledge Base Article 924667 update not installed
[30598] Microsoft Windows and Visual Studio MFC components RTF code execution
[30597] Microsoft Windows Knowledge Base Article 923723 update not installed
[30595] Microsoft Windows Knowledge Base Article 923689 update not installed
[30594] Microsoft Windows Media Player ASF processing buffer overflow
[30593] Microsoft Windows Knowledge Base Article 918118 update not installed
[30592] Microsoft Windows and Office Rich Edit components code execution
[30591] Microsoft Windows Knowledge Base Article 925674 update not installed
[30586] Microsoft Windows Media Player ASX playlist buffer overflow
[30553] Microsoft Windows Live Messenger emoticon denial of service
[30172] Microsoft Windows Knowledge Base Article 928088 update not installed
[30042] Microsoft Windows GDI kernel privilege escalation
[29954] Microsoft Windows Knowledge Base Article 923980 update not installed
[29953] Microsoft Windows Client Service for NetWare (CSNW) denial of service
[29952] Microsoft Windows Client Service for NetWare (CSNW) buffer overflow
[29950] Microsoft Windows Knowledge Base Article 920213 update is not installed
[29949] Microsoft Windows Knowledge Base Article 924270 update not installed
[29948] Microsoft Windows Workstation service NetpManageIPCConnect buffer overflow
[29943] Microsoft Windows Knowledge Base Article 923789 update not installed
[29917] Microsoft Windows XP NAT Helper ipnathlp.dll denial of service
[29546] Microsoft Windows 2000/2003 user logoff initiated
[29545] Microsoft Windows 2000/2003 system time changed
[29544] Microsoft Windows 2000/2003 system security access removed
[29543] Microsoft Windows 2000/2003 security access granted
[29542] Microsoft Windows 2000/2003 SAM notification package loaded
[29541] Microsoft Windows 2000/2003 primary security token issued
[29540] Microsoft Windows 2000/2003 user password reset successful
[29539] Microsoft Windows 2000/2003 object indirectly accessed
[29538] Microsoft Windows 2000/2003 object handle duplicated
[29537] Microsoft Windows 2000/2003 logon with explicit credentials success
[29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
[29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
[29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
[29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
[29532] Microsoft Windows 2000/2003 IKE security association established
[29531] Microsoft Windows 2000/2003 IKE quick mode association ended
[29530] Microsoft Windows 2000/2003 IKE main mode association ended
[29529] Microsoft Windows 2000/2003 IKE association negotiation failed
[29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
[29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
[29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
[29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
[29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
[29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
[29522] Microsoft Windows 2000/2003 administrative group security descriptor set
[29521] Microsoft Windows 2000/2003 account name changed
[29400] Microsoft Windows drmstor.dll denial of service
[29373] Microsoft Windows SMB rename denial of service
[29369] Microsoft Windows Knowledge Base Article 922819 update is not installed
[29253] Microsoft Windows error report transmission detected
[29243] Microsoft Windows Knowledge Base Article 924164 update is not installed
[29236] Microsoft Windows Knowledge Base Article 924163 update is not installed
[29229] Microsoft Windows Knowledge Base Article 923694 update not installed
[29227] Microsoft Outlook Express Windows Address Book (WAB) buffer overflow
[29226] Microsoft Windows Knowledge Base Article 924554 update is not installed
[29214] Microsoft Windows Knowledge Base Article 922581 update is not installed
[29211] Microsoft Windows Knowledge Base Article 924191 update is not installed
[29208] Microsoft Windows Knowledge Base Article 924496 update is not installed
[29205] Microsoft Windows Object Packager file extension spoofing code execution
[29204] Microsoft Windows Knowledge Base Article 923414 update is not installed
[29202] Microsoft Windows Knowledge Base Article 922760 update is not installed
[29201] Microsoft Windows Knowledge Base Article 923191 update is not installed
[29171] Microsoft Windows Knowledge Base Article 925486 update is not installed
[28664] Microsoft Windows Knowledge Base Article 922770 update is not installed
[28660] Microsoft Windows Knowledge Base Article 921503 update is not installed
[28659] Microsoft Windows OLE Automation code execution
[28656] Microsoft Windows Knowledge Base Article 924090 update not installed
[28652] Microsoft Windows Knowledge Base Article 920685 update is not installed
[28649] Microsoft Windows Knowledge Base Article 910729 update is not installed
[28646] Microsoft Windows Knowledge Base Article 919007 update is not installed
[28643] Microsoft Windows XP PGM buffer overflow
[28600] Microsoft Windows winhlp32 HLP file unspecified code execution
[28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
[28474] Microsoft Windows PNG IHDR block denial of service
[28336] Symantec VERITAS Backup Exec for Windows Server RPC interface buffer overflow
[28281] Microsoft Windows WMF gdi32.dll denial of service
[28240] Microsoft Windows DNS client data string buffer overflow
[28183] Microsoft Windows gdiplus.dll denial of service
[28045] Microsoft Windows Knowledge Base Article 918899 update is not installed
[28028] Microsoft Windows Knowledge Base Article 922616 update is not installed
[28027] Microsoft Windows Knowledge Base Article 922968 update is not installed
[28024] Microsoft Windows Knowledge Base Article 921645 update is not installed
[28022] Microsoft Windows Knowledge Base Article 920670 update is not installed
[28020] Microsoft Windows Hyperlink Object Library (hlink.dll) buffer overflow
[28019] Microsoft Windows Knowledge Base Article 920214 update is not installed
[28018] Microsoft Windows Knowledge Base Article 921398 update is not installed
[28017] Microsoft Windows Knowledge Base Article 920958 update is not installed
[28016] Microsoft Windows kernel system inputs buffer overflow
[28015] Microsoft Windows Knowledge Base Article 920683 update is not installed
[28014] Microsoft Windows Winsock API buffer overflow
[28013] Microsoft Windows DNS client buffer overflow
[28012] Microsoft Windows Knowledge Base Article 917422 update is not installed
[28011] Microsoft Windows kernel exception handling code execution
[28009] Microsoft Windows kernel Winlogon privilege escalation
[28008] Microsoft Windows Knowledge Base Article 917008 update is not installed
[28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
[28004] Microsoft Windows Knowledge Base Article 921883 update is not installed
[28002] Microsoft Windows Server service buffer overflow
[27999] Microsoft Windows SMB malformed PIPE denial of service
[27832] Microsoft Windows ASN.1 Library HTTP NTLM buffer overflow
[27567] Microsoft Windows explorer.exe Internet Shortcut (.url) denial of service
[27562] Microsoft Windows Knowledge Base Article 915384 update is not installed
[27554] Microsoft Windows Knowledge Base Article 917284 update is not installed
[27467] Microsoft Windows Knowledge Base Article 917285 update is not installed
[27417] Microsoft Windows Live Messenger contact list denial of service
[26905] Microsoft Windows Knowledge Base Article 918547 update is not installed
[26903] Microsoft Windows Knowledge Base Article 917336 update is not installed
[26886] Microsoft Windows Knowledge Base Article 917953 update is not installed
[26884] Microsoft Windows Knowledge Base Article 917736 update is not installed
[26883] Microsoft Windows Knowledge Base Article 917537 update is not installed
[26882] Microsoft Windows Knowledge Base Article 917344 update is not installed
[26880] Microsoft Windows Knowledge Base Article 917159 update is not installed
[26876] Microsoft Windows Knowledge Base Article 916281 update is not installed
[26874] Microsoft Windows Knowledge Base Article 914389 update is not installed
[26871] Microsoft Windows Knowledge Base Article 914388 update is not installed
[26868] Microsoft Windows Knowledge Base Article 917734 update is not installed
[26867] Microsoft Windows Knowledge Base Article 911280 update is not installed
[26865] Microsoft Windows Knowledge Base Article 917283 update is not installed
[26861] Microsoft Windows Knowledge Base Article 918439 update is not installed
[26834] Microsoft Windows TCP/IP protocol driver buffer overflow
[26830] Microsoft Windows SMB invalid handle denial of service
[26823] Microsoft Windows DHCP Client buffer overflow
[26820] Microsoft Windows SMB Server service information disclosure
[26818] Microsoft Windows Mailslot Server driver buffer overflow
[26815] Microsoft Windows Graphics Rendering Engine (GRE) WMF code execution
[26814] Microsoft Windows RRAS RASMAN buffer overflow
[26813] Microsoft Windows Knowledge Base Article 916768 update is not installed
[26812] Microsoft Windows RRAS buffer overflow
[26809] Microsoft Windows ART image rendering library buffer overflow
[26805] Microsoft Windows JScript code execution
[26788] Microsoft Windows Media Player PNG buffer overflow
[26487] Microsoft Windows NTDLL.DLL improper DOS to NT path conversion
[26166] Microsoft Windows Knowledge Base Article 912442 update is not installed
[26161] Microsoft Windows Knowledge Base Article 916803 update is not installed
[26156] Microsoft Windows Knowledge Base Article 913580 update is not installed
[25794] Microsoft Windows Knowledge Base Article 917627 update is not installed
[25792] Microsoft Windows Knowledge Base Article 911567 update is not installed
[25629] Microsoft Windows Knowledge Base Article 912812 update is not installed
[25626] Microsoft Windows Knowledge Base Article 911562 update is not installed
[25625] Microsoft Windows Knowledge Base Article 908531 not installed
[25598] Microsoft Windows XP Firewall .exe firewall bypass
[25597] Microsoft Windows XP Firewall ADS filename:stream syntax application alert bypass
[25573] Microsoft Windows winhlp32.exe .hlp embedded image buffer overflow
[25554] Microsoft Windows Explorer COM object code execution
[25535] Microsoft Outlook Express Windows Address Book file buffer overflow
[25370] Microsoft Windows Knowledge Base Article 901190 not installed
[25369] Microsoft Windows DNS recursive query denial of service
[25366] Microsoft Windows Knowledge Base Article 905755 update is not installed
[25365] Microsoft Windows Knowledge Base Article 914798 update is not installed
[25364] Microsoft Windows Knowledge Base Article 914451 update is not installed
[25363] Microsoft Windows Knowledge Base Article 905756 update is not installed
[25361] Microsoft Windows Knowledge Base Article 905758 update is not installed
[25360] Microsoft Windows Knowledge Base Article 905754 update is not installed
[25359] Microsoft Windows Knowledge Base Article 905555 update is not installed
[25358] Microsoft Windows Knowledge Base Article 905646 update is not installed
[25357] Microsoft Windows Knowledge Base Article 905757 update is not installed
[25342] Microsoft Windows Knowledge Base Article 905553 update is not installed
[25261] Microsoft Windows Knowledge Base Article 913433 is not installed
[24586] Microsoft Windows DNS client ATMA data record buffer overflow
[24512] Microsoft Windows Knowledge Base Article 911565 update is not installed
[24511] Microsoft Windows Knowledge Base Article 911564 update is not installed
[24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
[24496] Microsoft Windows Knowledge Base Article 911927 update is not installed
[24495] Microsoft Windows Knowledge Base Article 913446 update is not installed
[24494] Microsoft Windows Knowledge Base Article 910620 update is not installed
[24493] Microsoft Windows Media Player Plugin EMBED element buffer overflow
[24492] Microsoft Windows and Office Korean IME privilege elevation
[24489] Microsoft Windows IGMP v3 denial of service
[24488] Microsoft Windows Media Player BMP image parsing service buffer overflow
[24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
[24473] Microsoft Windows 2000 event ID 565 not logged
[24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
[24471] Microsoft Windows VDM information disclosure
[24463] Microsoft Windows XP "
[24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
[24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
[24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
[24402] Microsoft Windows 2000 Terminal Service client IP not logged
[24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
[24157] Microsoft Windows wireless ad-hoc network unauthorized access
[24044] Microsoft Windows GRE ExtCreateRegion() and ExtEscape() WMF denial of service
[23978] Microsoft Windows Knowledge Base Article 912919 update is not installed
[23926] Microsoft Windows Knowledge Base Article 908523 update is not installed
[23924] Microsoft Windows Knowledge Base Article 908519 update is not installed
[23922] Microsoft Windows embedded Open Type Web font buffer overflow
[23846] Microsoft Windows GDI32.DLL WMF image rendering code execution
[23453] Microsoft Windows COM object as ActiveX control allows execution of code
[23450] Microsoft Windows Knowledge Base Article 905915 update is not installed
[23447] Microsoft Windows APC queue list could allow elevated privileges
[23284] Microsoft Windows SynAttackProtect denial of service
[22899] Microsoft Windows Knowledge Base Article 902412 update is not installed
[22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
[22877] Microsoft Windows Metafile image format buffer overflow
[22876] Microsoft Windows Metafile and Enhance Metafile buffer overflow
[22524] Microsoft Windows XP Wireless Zero Configuration service information disclosure
[22514] Microsoft Windows Knowledge Base Article 902400 update is not installed
[22512] Microsoft Windows Knowledge Base Article 907245 update is not installed
[22502] Microsoft Windows Knowledge Base Article 905749 update is not installed
[22501] Microsoft Windows Knowledge Base Article 900725 update is not installed
[22498] Microsoft Windows XP tftp.exe heap overflow
[22495] Microsoft Windows Collaboration Data Objects buffer overflow
[22492] Microsoft Windows Knowledge Base Article 904706 update is not installed
[22480] Microsoft Windows DirectShow .AVI file code execution
[22479] Microsoft Windows HTML in preview fields execute code
[22478] Microsoft Windows .lnk properties execute code
[22477] Microsoft Windows .lnk file execute code
[22476] Microsoft Windows Distributed Transaction Coordinator message denial of service
[22475] Microsoft Windows Distributed Transaction Coordinator TIP denial of service
[22473] Microsoft Windows COM code execution
[22204] Microsoft Windows keybd_event or SendKeys allows elevated privileges
[22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
[22089] Microsoft Windows Registry Editor Utility concealment
[21980] Microsoft Windows Registry Editor Utility concealment
[21978] Microsoft Windows user32.dll component denial of service
[21954] Microsoft Windows Remote Desktop Protocol mstlsapi.dll Man-in-the-Middle
[21931] Microsoft Windows XP memory leak
[21895] Microsoft Windows Msdds.dll object command execution
[21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
[21700] Microsoft Windows Client Service for NetWare code execution
[21626] Microsoft Windows PKINIT protocol obtain information
[21625] Microsoft Windows kerberos message denial of service
[21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
[21604] Microsoft Windows print spooler buffer overflow
[21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
[21602] Microsoft Windows Plug and Play buffer overflow
[21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
[21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
[21599] Microsoft Windows telephony service buffer overflow
[21539] Microsoft Windows USB device driver buffer overflow
[21407] Microsoft Windows RDP request denial of service
[21355] Microsoft Windows Network Connection Manager denial of service
[21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
[21272] Microsoft Windows Knowledge Base Article 903672 update is not installed
[21269] Microsoft Windows Knowledge Base Article 901214 update is not installed
[21221] Microsoft Windows Color Management Module buffer overflow
[21214] Microsoft Windows NTFS allows attacker to obtain information
[20829] Microsoft Windows Step-by-Step Interactive Training bookmark link file buffer overflow
[20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
[20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
[20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
[20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
[20821] Microsoft Windows compiled Help (.CHM) integer overflow
[20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
[20818] Microsoft Windows WebClient Service buffer overflow
[20815] Microsoft Windows SMB process gain access
[20629] Multiple Microsoft Windows IPv6 LAND denial of service
[20546] Microsoft Windows Media Player allows creation of malicious media files
[20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
[20380] Microsoft Windows Web View command execution
[20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
[20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
[20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
[19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
[19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
[19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
[19836] Microsoft Windows CSRSS gain control
[19835] Microsoft Windows HTML Application Host command execution
[19834] Microsoft Windows object buffer overflow
[19832] Microsoft Windows access requests gain privileges
[19830] Microsoft Windows font buffer overflow
[19829] Microsoft Windows Message Queuing component buffer overflow
[19819] Microsoft Windows Remote Desktop "
[19727] Microsoft Windows 2000 GDI32.DLL denial of service
[19593] Microsoft Windows LAND denial of service
[19288] IBM DB2 running on Microsoft Windows obtain information
[19270] Microsoft Windows PNG image buffer overflow
[19220] Microsoft Windows registry key connection denial of service
[19110] Microsoft Windows Hyperlink Object Library code execution
[19109] Microsoft Windows OLE code execution
[19105] Microsoft Windows COM files gain privileges
[19103] Multiple Microsoft Windows TCP/IP denial of service
[19101] Microsoft Windows Servers License Logging service code execution
[19096] Microsoft Windows Media Player PNG buffer overflow
[19093] Microsoft Windows named pipe information disclosure
[19091] Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting
[19089] Microsoft Windows SMB code execution
[18879] Microsoft Windows USER32.DLL ANI header overflow
[18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
[18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
[18758] Microsoft Windows Indexing Service allows code execution
[18678] Microsoft Windows winhlp32.exe buffer overflow
[18668] Microsoft Windows LoadImage API buffer overflow
[18667] Microsoft Windows ANI file zero rate number overflow denial of service
[18587] Microsoft Windows Media Player ActiveX object reveals existence of files
[18576] Microsoft Windows Media Player mp3 code execution
[18507] Microsoft Windows XP SP2 subnet option allows access to firewall exceptions
[18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
[18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
[18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
[18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
[18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
[18378] Microsoft Windows Icon image anomaly detected
[18342] Microsoft Windows NT DHCP HardwareAddress code execution
[18341] Microsoft Windows NT DHCP MachineName denial of service
[18340] Microsoft Windows LSASS gain privileges
[18339] Microsoft Windows kernel LPC interface gain privileges
[18338] Microsoft Windows Word for Windows 6.0 Converter font code execution
[18337] Microsoft Windows Word for Windows 6.0 Converter table code execution
[18336] Microsoft Windows HyperTerminal session file buffer overflow
[18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
[18208] Microsoft Windows logon screen saver allows elevated privileges
[17864] Microsoft Windows XP Explorer WAV file denial of service
[17711] Microsoft Windows XP SP2 sessmgr.exe firewall bypass
[17663] Microsoft Windows MS04-029 patch is not installed
[17662] Microsoft Windows MS04-037 patch is not installed
[17661] Microsoft Windows MS04-036 patch is not installed
[17660] Microsoft Windows MS04-035 patch is not installed
[17659] Microsoft Windows MS04-034 patch is not installed
[17658] Microsoft Windows MS04-032 patch is not installed
[17657] Microsoft Windows NetDDE MS04-031 patch is not installed
[17641] Microsoft Windows NNTP buffer overflow
[17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
[17621] Microsoft Windows 2003 SMTP service code execution
[17560] Microsoft Windows 2000 and XP GDI library denial of service
[17521] Microsoft Windows 2000 Service Pack 4 is not installed
[17458] Microsoft Windows CE KDataStruct information disclosure
[17457] Microsoft Windows XP Explorer.exe TIFF denial of service
[17455] Microsoft Windows XP information disclosure
[17412] IBM with Microsoft Windows XP Professional has default administrator account
[17341] Microsoft Windows MS04-028 patch is not installed
[17052] Microsoft Windows XP and Internet Explorer displays improper file icon
[17051] Microsoft Windows XP Content-Location bypass Local Computer zone restrictions
[17023] Microsoft Windows XP Windows Explorer bypass Zone Identifier (ZoneID) feature
[17009] Microsoft Windows XP ICF bypass filter
[17004] Microsoft Windows XP Service Pack 2 is not installed on the system
[16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
[16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
[16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
[16907] Microsoft Windows 2003 users with Create global objects privilege
[16905] Microsoft Windows 2003 users or groups with Create global objects privilege
[16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
[16704] Microsoft Windows 2000 Media Player control code execution
[16664] Microsoft Windows Program Group Converter buffer overflow
[16627] Microsoft Windows System32 write file to the directory has been detected
[16597] Microsoft Windows Windows Shell allows code execution
[16592] Microsoft Windows Utility Manager gain privileges
[16591] Microsoft Windows Task Scheduler buffer overflow
[16590] Microsoft Windows POSIX buffer overflow allows local attacker to gain privileges
[16587] Microsoft Windows Network Dynamic Data Exchange Running
[16586] Microsoft Windows HTML Help could allow execution of code
[16582] Microsoft Windows Server 2003 kernel CPU denial of service
[16581] Microsoft Windows Enhanced Metafile (EMF) buffer overflow
[16580] Microsoft Windows Virtual DOS Machine (VDM) allows elevated privileges
[16579] Microsoft Windows Window Management API allows elevated privileges
[16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
[16570] Microsoft Windows 2003 Users with Create global objects privilege
[16564] Microsoft Windows 2003 Groups with Create global objects privilege
[16562] Microsoft Windows 2003 Groups with "
[16556] Microsoft Windows NetDDE buffer overflow
[16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
[16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
[16520] Microsoft Windows 2003 Create global objects privilege
[16362] Microsoft Windows XP Help Center and Support starts automatically
[16304] Microsoft Windows JPEG buffer overflow
[16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
[16270] Microsoft Windows IPSec filter bypass
[16213] Microsoft Windows Local Security Authority buffer overflow exploit attempt detected
[16211] Microsoft Windows Service Host buffer overflow exploit attempt detected
[16210] Microsoft Windows Service Host buffer overflow exploit attempt detected
[16207] Microsoft Windows kernel buffer overflow exploit attempt detected
[16206] Microsoft Windows Command Shell buffer overflow exploit attempt detected
[16171] Microsoft Windows XP Explorer code execution
[16154] Microsoft Windows NT 4.0 TSE Security Patch denial of service
[16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
[15956] Microsoft Windows long file share name buffer overflow
[15818] Microsoft Windows MS04-011 patch is not installed
[15813] Microsoft Windows MS04-014 patch is not installed
[15811] Microsoft Windows MS04-012 patch is not installed
[15715] Microsoft Windows Negotiate Security Software Provider buffer overflow
[15714] Microsoft Windows Virtual DOS Machine allows elevated privileges
[15713] Microsoft Windows ASN.1 double-free
[15711] Microsoft Windows object identifier could be used to open network ports
[15710] Microsoft Windows H.323 buffer overflow
[15707] Microsoft Windows Local Descriptor Table allows privilege escalation
[15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
[15702] Microsoft Windows winlogon buffer overflow
[15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
[15699] Microsoft Windows LSASS buffer overflow
[15678] Microsoft Windows XP task creation allows privilege escalation
[15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
[15589] Microsoft Windows allows elevated privileges
[15507] Microsoft Windows XP Explorer wmf denial of service
[15461] Microsoft Windows MS04-008 patch is not installed
[15394] Microsoft Windows service running under non-built-in accounts has been detected
[15284] Microsoft Windows XP Windows shell shimgvw.dll buffer overflow
[15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
[15256] Microsoft Windows ASN.1 buffer overflow packet using NTLM has been detected
[15255] Microsoft Windows ASN.1 buffer overflow packet using SMTP has been detected
[15223] Microsoft Windows access violation or exception code has been detected
[15218] Microsoft Windows command shell backdoor
[15101] Microsoft Windows XP helpctr.exe cross-site scripting
[15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
[15039] Microsoft Windows ASN.1 Library buffer overflow
[15038] Microsoft Windows 2000 Server Windows Media Services denial of service
[15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
[14924] Microsoft Windows XP folder containing HTML code and executable file code execution
[13786] Microsoft Windows MS03-051 patch is not installed
[13785] Microsoft Windows MS03-048 patch is not installed
[13784] Microsoft Windows MS03-050 patch is not installed
[13639] Microsoft Windows Workstation buffer overflow
[13638] Microsoft Windows MS03-049 patch is not installed
[13558] Microsoft Windows XP CommCtl32.dll could allow an attacker to execute code
[13509] Microsoft Windows HTML Help could allow an attacker to gain privileges
[13482] Microsoft Windows MS03-047 patch is not installed
[13480] Microsoft Windows MS03-046 patch is not installed
[13478] Microsoft Windows MS03-044 patch is not installed
[13473] Microsoft Windows MS03-045 patch is not installed
[13472] Microsoft Windows MS03-042 patch is not installed
[13471] Microsoft Windows MS03-041 patch is not installed
[13444] Microsoft Windows Non-English patched with MS03-045 denial of service in Sophos Anti-Virus
[13424] Microsoft Windows User32.dll ListBox and ComboBox controls buffer overflow
[13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
[13422] Microsoft Windows Authenticode could allow an attacker to execute code
[13420] Microsoft Windows HSC HCP protocol file buffer overflow
[13413] Microsoft Windows Messenger Service popup buffer overflow
[13412] Microsoft Windows MS03-043 patch is not installed
[13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
[13385] Microsoft Windows Server 2003 "
[13375] Microsoft Windows Media Player Dynamic HTML behaviors allows an attacker to execute code
[13364] Microsoft Windows MS03-040 patch is not installed
[13344] Microsoft Windows 98 flood of fragmented UDP packets causes denial of service
[13342] Microsoft Windows PostThreadMessage API allows processes to be terminated without permission
[13211] Microsoft Windows 2000 and XP URG memory leak
[13183] Microsoft Windows service pack detected
[13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
[13134] Microsoft Windows MS03-039 patch is not installed
[13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
[13105] Microsoft Windows Update fails to notify users of updates when host-blocking is used
[13095] Microsoft Windows auto update is disabled
[13089] Microsoft Windows NetBIOS Name Service information disclosure
[12903] Microsoft Windows command shell banner
[12835] Microsoft Windows Pocket PC could allow an attacker to gain access
[12762] Microsoft Windows NT 4.0 Q823803i patch RRAS denial of service
[12724] Microsoft Windows Media Player ASF file could allow code execution
[12701] Microsoft Windows NT 4.0 Server file management function denial of service
[12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
[12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
[12544] Microsoft Windows Servers SMB packet buffer overflow
[12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
[12533] Microsoft Windows MS03-010 patch is not installed
[12521] Microsoft Windows Rundll32.exe overly long routine name buffer overflow
[12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
[12489] Microsoft Windows 2000 Server Active Directory buffer overflow
[12442] Microsoft Windows XP SP1 Windows shell desktop.ini buffer overflow
[12440] Microsoft Windows Media Player ActiveX control could disclose sensitive information
[12187] Microsoft Windows XP gethostbyaddr() denial of service
[12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
[12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
[12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
[11953] Microsoft Windows Media Player skin downloading could allow an attacker to execute code
[11824] Microsoft Windows XP Service Control Manager (SCM) race condition
[11822] Microsoft Windows regedit.exe command execution
[11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
[11810] Microsoft Windows win2k.sys EngTextOut denial of service
[11803] Microsoft Windows kernel LpcRequestWaitReplyPort() buffer overflow
[11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
[11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
[11575] Microsoft Windows Script Engine buffer overflow
[11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
[11536] Microsoft Windows PostMessage() API function could disclose password
[11505] Microsoft Windows XP Safe Mode bypass
[11425] Microsoft Windows Me HSC hcp:// buffer overflow
[11344] Microsoft Windows riched20.dll attribute label buffer overflow
[11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
[11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
[11260] Microsoft Windows XP Windows Redirector buffer overflow
[11216] Microsoft Windows NT and 2000 command prompt denial of service
[11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
[11132] Microsoft Windows Locator service buffer overflow
[11030] Microsoft Windows OpenType font (.otf) fontview denial of service
[10958] Microsoft Windows File Protection certificate chains with a trusted root CA are accepted
[10957] Microsoft Windows File Protection fails to remove old security catalog .CAT files
[10892] Microsoft Windows XP Shell media file buffer overflow
[10843] Microsoft Windows 2000 and XP SMB signing group policy modification
[10764] Microsoft Windows XP wireless LAN feature could leak information
[10736] Microsoft Windows XP Fast User Switching could disclose user processes
[10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
[10398] Microsoft Windows Media Player world-writable executables
[10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
[10343] Microsoft Windows NetDDE Agent can be used to gain elevated privileges
[10279] Microsoft Windows XP "
[10259] Microsoft Services for Unix (SFU) invalid RPC packet denial of service
[10258] Microsoft Services for Unix (SFU) RPC parameter size buffer overflow could crash the server
[10254] Microsoft Windows compiled HTML Help (.chm) files could be used to execute code
[10253] Microsoft Windows HTML Help ActiveX buffer overflow
[10252] Microsoft Windows zipped file decompression incorrect target path
[10251] Microsoft Windows zipped file decompression buffer overflow
[10215] Microsoft Windows Scripting Host is running on the system
[10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
[10132] Microsoft Windows fails to properly check execute permissions for 16-bit executable files
[10122] Microsoft Windows Remote Desktop Protocol could allow an attacker to monitor keystrokes
[10121] Microsoft Windows Remote Desktop Protocol checksum information leak
[10120] Microsoft Windows XP Remote Desktop malformed PDU Confirm Active packet denial of service
[9982] Microsoft Windows Certificate Enrollment Control ActiveX control could be used to delete digital certificates
[9971] Microsoft Windows Media Player .wmf file extension or content type spoofing
[9953] Microsoft Windows Media Player WMD code execution
[9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
[9933] Microsoft Windows NT/2000/XP SMB packet request buffer overflow
[9878] Microsoft Windows XP Help and Support Center HCP:// URL could be used to delete files
[9869] Microsoft Windows NTFS hard links could bypass event auditing logs
[9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
[9789] Microsoft Exchange MSRPC denial of service
[9779] Microsoft Windows 2000 weak system partition permissions
[9752] Microsoft Windows 2000 Service Pack 3 is not installed
[9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
[9727] Microsoft Windows Media Player mplay32 long file name buffer overflow
[9625] Microsoft Windows 2000 Narrator allows login information to be audible
[9422] Microsoft Windows Media Player Active Playlist could allow local HTML script execution
[9421] Microsoft Windows Media Player WMDM service invalid resource connection could allow elevated privileges
[9420] Microsoft Windows Media Player cache path disclosure could allow remote execution of code
[8918] Microsoft Windows XP Remote Desktop Access is enabled
[8915] Microsoft Windows XP Internet Configuration Firewall is disabled
[8892] Microsoft Windows XP "
[8891] Microsoft Windows XP option to digitally sign server communications disabled
[8890] Microsoft Windows XP option to digitally sign client communications when server agrees disabled
[8889] Microsoft Windows XP option to digitally sign server communications when client agrees disabled
[8888] Microsoft Windows XP security option to digitally sign client communications disabled
[8882] Microsoft Windows XP Session security for NTLM SSP based servers is below minimum
[8880] Microsoft Windows XP Session security for NTLM SSP based clients is below minimum
[8867] Microsoft Windows 2000 LanMan denial of service
[8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
[8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
[8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
[8739] Microsoft Windows 2000 DCOM memory leak
[8728] Microsoft Windows Registry remote write audit
[8727] Microsoft Windows Registry remote access audit
[8621] Microsoft Internet Explorer on Windows Me fails to prompt user when a cookie is stored if set using JavaScript
[8604] Microsoft Outlook allows an attacker to execute JavaScript code by using IFRAME tags to reference malicious Windows Media Player file
[8559] Microsoft Windows registry security SAM read
[8512] Microsoft Windows NT security ID lookup
[8509] Microsoft Windows startup folder access
[8462] Microsoft Windows NT/2000 debugging subsystem allows attacker to create duplicate handles
[8402] Microsoft Windows 2000 allows an attacker to bypass password policy
[8388] Microsoft Windows NT Server with IIS 4.0 could allow users to bypass "
[8384] Microsoft Windows Shell buffer overflow can occur when an application has been improperly removed
[8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
[8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
[8231] Microsoft Windows NT SNMP OID decoding memory leak
[8209] Microsoft Windows XP CIFS port denial of service
[8207] Microsoft Windows XP UDP port denial of service
[8199] Microsoft Windows 2000 Terminal Services unlocked client
[8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
[8077] Microsoft Windows Messenger and/or MSN Messenger is present on the system
[8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
[8037] Microsoft Windows 2000 empty TCP packet denial of service
[8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
[8000] Microsoft Windows XP "
[7922] Microsoft Windows XP Pro Upgrade installation causes security patches for Internet Explorer to be rolled back
[7892] Microsoft Windows 95 Backup long file extension buffer overflow
[7800] Microsoft Internet Explorer Windows Media Player ActiveX could allow an attacker to determine the existence of files or directories
[7732] Microsoft Windows XP Remote Desktop sends username in plain text
[7731] Microsoft Windows XP fast user switching could lockout users except administrator
[7722] Microsoft Windows XP, Me, 98, and 98SE UPnP spoofed UDP packet with SSDP announcement denial of service attack
[7721] Microsoft Windows XP, Me, 98, and 98SE UPnP malformed NOTIFY directive buffer overflow
[7713] Microsoft Windows XP allows attacker to execute programs using hotkeys without authentication
[7709] Microsoft Windows multiple vendor Web browser high image count denial of service
[7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
[7605] Microsoft Windows XP helpctr.exe buffer overflow
[7542] Microsoft Windows 95 and 98 with multiple TCP/IP stacks ICMP packet denial of service
[7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
[7533] Microsoft Windows 2000 RunAs service denial of service
[7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
[7531] Microsoft Windows 2000 RunAs service reveals sensitive information
[7527] Microsoft SQL Server malformed RPC request denial of service
[7526] Microsoft Exchange Server malformed RPC request denial of service
[7428] Microsoft Windows Me and XP UPnP denial of service
[7422] Microsoft Windows NT RSHSVC does not properly validate users
[7421] Microsoft Windows NT GetThreadContext/SetThreadContext denial of service
[7409] Microsoft Windows 2000 and Windows XP GDI denial of service
[7405] Microsoft Windows NT NonPagedPool denial of service
[7403] Microsoft Windows NT Win32k.sys denial of service
[7402] Microsoft Windows NT kernel mode handle-closing denial of service
[7401] Microsoft Windows NT group policies not applied if long DC name
[7400] Microsoft Windows NT user policies not updated
[7398] Microsoft Windows NT symbolic link case elevation of privileges
[7391] Microsoft Windows NT strong passwords may allow parts of the full name
[7369] Microsoft Windows CSRSS.EXE denial of service
[7329] Microsoft Windows NT WINS malformed packet flood denial of service
[7318] Microsoft Windows ME SSDP service denial of service
[7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
[7231] Microsoft Windows 95 using NetWare remote administration contains hidden share
[7224] Microsoft Windows NT smbmount request from Linux client denial of service
[7125] Microsoft Windows NT Index Server "
[7107] Microsoft Windows NT Xenroll denial of service
[7008] Microsoft Windows 2000 IrDA device denial of service
[6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
[6962] Microsoft Windows Media Player .ASF marker buffer overflow
[6943] Microsoft Windows NT NT4ALL denial of service
[6931] Microsoft Windows 2000 without Service Pack 2
[6924] Microsoft Windows 98 ARP packet flooding denial of service
[6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
[6914] Multiple Microsoft products malformed RPC request denial of service
[6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
[6907] Microsoft Windows Media Player .NSC buffer overflow
[6876] Microsoft Windows 2000 could allow an attacker to change network passwords
[6874] Microsoft Windows 95/98 invalid path in registry could allow malicious file execution
[6803] Microsoft Windows 2000 SMTP service allows mail relaying
[6745] Microsoft Windows 2000 LDAP function could allow domain user password change
[6669] Microsoft Windows 2000 Telnet system call denial of service
[6668] Microsoft Windows 2000 Telnet handle leak denial of service
[6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
[6666] Microsoft Windows 2000 Telnet username denial of service
[6665] Microsoft Windows 2000 Telnet service weak domain authentication
[6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
[6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
[6584] Microsoft Windows Media Player HTML code hidden in Internet shortcuts
[6518] Microsoft Windows Index Server could allow attackers to view files on the Web server
[6517] Microsoft Windows NT Index Server "
[6506] Microsoft Windows 2000 Server Kerberos denial of service
[6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
[6441] Microsoft Windows NT drivers DbgPrint function format string
[6294] Microsoft Windows Me and Plus! 98 recovery of Compressed Folder passwords
[6275] Microsoft Windows user.dmp file insecure permissions
[6227] Microsoft Windows Media Player allows remote attackers to execute commands in Internet Explorer
[6160] Microsoft Windows 2000 event viewer buffer overflow
[6136] Microsoft Windows 2000 domain controller denial of service
[6103] Microsoft Windows NT PPTP denial of service
[6070] Microsoft Windows UDP socket denial of service
[6062] Microsoft Windows DDE allows privilege elevation
[6035] Microsoft Windows 2000 Server RDP denial of service
[6006] Microsoft Windows NT mutex denial of service
[5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
[5937] Microsoft Windows Media Player skins can be used to execute arbitrary code
[5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
[5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
[5746] Microsoft Windows NT MSTask.exe denial of service
[5673] Microsoft Windows NT MTS registry permissions
[5672] Microsoft Windows NT SNMP registry permissions
[5671] Microsoft Windows NT RAS registry permissions
[5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
[5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
[5585] Microsoft Windows 2000 brute force attack
[5573] Microsoft Windows NT SynAttackProtect denial of service
[5502] Microsoft Windows 2000 Indexing Services ixsso.query
[5489] Microsoft Windows NT Terminal Server GINA RegAPI.DLL buffer overflow
[5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
[5417] Microsoft Windows NT MSIEXEC service uses the msi.dll registry key that has weak permissions
[5411] Microsoft Windows File Share service denial of service
[5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
[5395] Microsoft Windows 9x share level password
[5387] Microsoft Windows HyperTerminal Telnet buffer overflow
[5370] Microsoft Windows 9x NetBIOS invalid driver type denial of service
[5357] Microsoft Windows 9x malformed NWLink NMPI packet denial of service
[5315] Microsoft Windows NT invalid LPC request
[5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
[5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
[5203] Microsoft Windows 2000 still image service
[5193] Microsoft Windows Media Services Unicast Service denial of service
[5171] Microsoft Windows 2000 Local Security Policy corruption
[5168] Microsoft Windows NetBIOS cache corruption
[5097] Microsoft Windows folder.htt allows execution of active scripting without approval
[5079] Microsoft Windows 95/98 malformed IPX ping packet denial of service
[5040] Microsoft Windows NT/2000 explorer.exe uses relative path name in registry
[5035] Microsoft Windows NT/2000 NetBIOS Name Server spoofed name conflict
[5033] Microsoft Windows 2000 without Service Pack 1
[5031] Microsoft Windows 2000 Service Control Manager named pipe could allow an unauthorized user to gain privileges
[5015] Microsoft Windows NT and 2000 executable path
[4887] Microsoft Windows 2000 Kerberos ticket renewed
[4886] Microsoft Windows 2000 logon session reconnected
[4885] Microsoft Windows 2000 logon session disconnected
[4882] Microsoft Windows 2000 Kerberos pre-authentication failed
[4873] Microsoft Windows 2000 user account mapped for logon
[4872] Microsoft Windows 2000 account logon failed
[4871] Microsoft Windows 2000 account used for logon
[4855] Microsoft Windows 2000 group type change
[4828] Microsoft Windows 95/98 ARP spoofing
[4823] Microsoft Windows 2000 Telnet server binary stream denial of service
[4819] Microsoft Windows 2000 default SYSKEY configuration
[4787] Microsoft Windows 2000 user account locked out
[4786] Microsoft Windows 2000 computer account created
[4785] Microsoft Windows 2000 computer account changed
[4784] Microsoft Windows 2000 computer account deleted
[4714] Microsoft Windows 2000 "
[4702] Microsoft Windows event log full
[4700] Microsoft Windows computer password not found in local security database
[4698] Microsoft Windows EventLog service started
[4688] Microsoft Windows Network Monitor driver started
[4673] Microsoft Windows resources for queuing of audit messages have been exhausted
[4671] Microsoft Windows event log file cannot be opened
[4670] Microsoft Windows event log file corrupted
[4648] Microsoft Windows NT malformed remote registry request denial of service
[4608] Microsoft Windows NT computer account creation can compromise User Session Key
[4600] Microsoft Windows NT denial of service caused by unacknowledged SMB requests
[4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
[4585] Microsoft Windows Encoder denial of service
[4552] Microsoft Windows Browser service can be shutdown by an unauthorized remote user
[4547] Microsoft Windows Master Browser browse table can be filled with bogus entries
[4517] Microsoft Windows NT user account locked out
[4516] Microsoft Windows NT user account enabled
[4515] Microsoft Windows NT user account disabled
[4337] Microsoft Windows NT/2000 cmd.exe buffer overflow
[4332] Microsoft Windows NT registry permissions could allow compromise of cryptographic keys
[4278] Microsoft Windows 2000 unattended install does not secure All Users profile
[4247] Microsoft Windows 95/98 printer sharing allows read access
[4221] Microsoft Windows NT drive mapping allows local users to execute arbitrary code
[4203] Microsoft Windows TCP/IP Printing Service denial of service
[4141] Microsoft Windows can be configured to transmit unencrypted passwords to SMB server
[4140] Microsoft Windows Telnet service authentication may expose user passwords
[4138] Microsoft Windows 2000 system file integrity feature is disabled
[4111] Microsoft Windows NT 4.0 registry permissions
[4108] Microsoft Windows Media Technologies malformed license request denial of service
[4107] Microsoft Windows path names containing DOS devices denial of service
[4086] Microsoft Windows 2000 may not start Jaz drives correctly
[4085] Microsoft Windows 2000 non-Gregorian calendar error
[4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
[4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
[4082] Microsoft Windows 2000 and Iomega parallel port drives display error
[4081] Microsoft Windows invalid image error when using OLE libraries
[4080] Microsoft Windows 2000 AOL image support
[4079] Microsoft Windows 2000 High Encryption Pack
[4034] Microsoft Windows Media Services handshake packets denial of service
[4016] Microsoft Windows NT Recycle Bin could allow an unauthorized user to modify deleted files
[3993] Microsoft Windows Trin00 Distributed Denial of Service (DDoS) tool found
[3909] Microsoft Windows 9x share is writable
[3906] Microsoft Windows NT share is readable
[3694] Microsoft Windows NT malformed resource enumeration denial of service
[3574] Microsoft Windows 9x cache could reveal plaintext password
[3534] Microsoft Windows NT 4.0 without Service Pack 6
[3373] Microsoft Windows NT user shell folders could allow users to gain administrator privileges
[3328] Microsoft Windows ARP packet denial of service
[3251] Microsoft Windows allows source routing when configured to reject source routed packets
[3248] Microsoft Windows NT RASMAN pathname
[3226] Microsoft Windows NT 4.0 unattended installation could expose sensitive information to local users
[3168] Microsoft Windows NT SP4-SP6 TCP sequence numbers are predictable
[3129] Microsoft Windows Telnet.exe remote buffer overflow
[3109] Microsoft Windows NT Phone Dialer utility contains a locally exploitable buffer overflow
[3106] Microsoft Windows NT DNS server can be remotely crashed by sending a response to a non-existent request
[3104] Microsoft Windows NT TSE denial of service can consume all available memory
[2750] Microsoft Windows started/stopped
[2677] Microsoft Windows NT old operating system
[2549] Microsoft Windows NT install date changed
[2336] Microsoft Windows NT login default folder allows a user to bypass policies
[2313] Microsoft Windows NT can be crashed by executables containing malformed image headers
[2299] Microsoft Windows NT CSRSS denial of service
[2291] Microsoft Windows NT Local Security Authority (LSA) can be remotely crashed, requiring a system reboot
[2243] Microsoft Windows NT RAS/RRAS clients cache passwords regardless of setting
[2201] Microsoft Windows NT 4.0 without Service Pack 5
[2200] Microsoft Windows NT RAS client contains an exploitable buffer overflow
[2190] Microsoft Windows NT 4.0 help file utility contains a locally exploitable buffer overflow
[2141] Microsoft SQL Server can be configured to use the Windows NT account SQLExecCmdExe when running xp_cmdshell for non-sa logins
[2129] Microsoft SQL Server should use limited Windows NT protocols to make attacks more difficult
[2102] Microsoft Windows NT allows files to exceed the supposed maximum length
[1976] Microsoft Windows NT gina flaw allows locked-out users to log in
[1975] Microsoft Windows NT gina allows some clipboard text to be revealed
[1974] Microsoft Windows NT SNMP agent memory leak
[1947] Microsoft Windows NT/9x can be frozen with redirect packets
[1946] Microsoft Windows NT screen saver can be used to compromise administrator privileges
[1820] Microsoft Windows NT 4.0 domain caching feature can be exploited to gain administrator privileges
[1771] Microsoft Windows 95/98 configurations may lead to excessive bandwidth consumption
[1758] Microsoft SQL Server extended stored procedure, xp_cmdshell, can be used to gain Windows NT administrator rights
[1719] Microsoft Windows NT 4.0 SP4 could allow null passwords to be used for access
[1566] Microsoft Windows NT user account deleted
[1556] Microsoft Windows NT user account created
[1394] Microsoft Windows NT 4.0 without Service Pack 4
[1372] Microsoft Windows NT snork attack can disable system
[1321] Microsoft Windows Interactive_Guest_Logon
[1320] Microsoft Windows legal notice display not enabled
[1319] Microsoft Windows local user on workstation
[1315] Microsoft Windows network Guest logon
[1314] Microsoft Windows NT user has never logged on
[1312] Microsoft Windows NT null session user modals
[1296] Microsoft Windows service user
[1295] Microsoft Windows NT service user password found
[1291] Microsoft Windows shutdown without logon enabled
[1288] Microsoft Windows NT system key encryption not enabled
[1286] Microsoft Windows NT TCP/IP security not enabled
[1285] Microsoft Windows trojan key permissions
[1284] Microsoft Windows NT trusted domain
[1075] Microsoft Windows file-sharing access error
[981] Microsoft Windows WINS exploit using SNMP
[710] Microsoft Windows NT portbind issue
[679] Microsoft Windows null session
[539] Microsoft Windows 95 and Internet Explorer password disclosure
[538] Microsoft Windows NT Winpopup DoS attack
[536] Microsoft Windows NT discloses system information
[535] Microsoft Windows NT sometimes does not kill all processes when logging out
[534] Microsoft Windows 95 stores many passwords in plain text in the registry
[530] Microsoft Windows NT RAS service packet filtering rules can be bypassed
[529] Microsoft Windows NT case problems can lead to admin access
[528] Microsoft Windows NT fragmentation attack
[526] Microsoft Windows NT path is insecure and can be easily trojaned
[342] Microsoft Windows NT SMB logon denial of service
[283] Microsoft Windows account password guessed
[186] Microsoft Windows NT DNS denial of service
[172] Microsoft Windows NT Post-SP2 security patches missing
[168] Microsoft Windows key with incorrect permissions
[140] Microsoft Windows telnet service installed
[138] Microsoft Windows system log accessible
[121] Microsoft Windows NT security log accessible
[120] Microsoft Windows schedule service running
[114] Microsoft Windows NT rsh service Running
[102] Microsoft Windows NT rexec service running
[99] Microsoft Windows registry can be opened remotely
[98] Microsoft Windows NT rcmd service running
[92] Microsoft Windows NT rlogin service installed
[66] Microsoft Windows NT kernel outdated
[16] Microsoft Windows Remote Access Service
[14] Microsoft Windows NT 4.0 without Service Pack 3
[13] Microsoft Windows Network Monitor insecure password
[11] Microsoft Windows NT 4.0 beta
Exploit-DB - https://www.exploit-db.com:
[22917] Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
[21954] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (4)
[21953] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (3)
[21952] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (2)
[21951] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (1)
[3746] Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit (port 445) (2)
[30825] Microsoft Windows Media Digital Rights Management ActiveX Control Buffer Overflow Vulnerability
[30645] Microsoft Windows URI Handler Command Execution Vulnerability
[30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
[30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
[30619] Microsoft Windows Explorer PNG Image - Local Denial Of Service Vulnerability
[30462] Microsoft Windows Media Player 11 - AU Divide-By-Zero Denial of Service Vulnerability
[30392] Microsoft Windows ndproxy.sys - Local Privilege Escalation
[30160] Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Vulnerability
[29813] Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
[29771] Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
[29738] Microsoft Windows XP/2000 WinMM.DLL - WAV Files Remote Denial of Service (DoS) Vulnerability
[29659] Microsoft Windows XP/2003 Explorer WMF File Handling Denial of Service Vulnerability
[29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
[29286] Microsoft Windows Explorer explorer.exe WMV File Handling DoS
[29285] Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk DoS
[28834] Microsoft Windows XP CMD.EXE Buffer Overflow Vulnerability
[28482] MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
[28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
[28381] microsoft windows xp/2000/2003 help Multiple Vulnerabilities
[28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
[28299] Microsoft Windows XP/2000/2003 Graphical Device Interface Plus Library Denial of Service Vulnerability
[28263] Microsoft Windows XP/2000/2003 Remote Denial of Service Vulnerability
[28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
[27930] Microsoft Windows XP/2000/2003 MHTML URI Buffer Overflow Vulnerability
[27851] Microsoft Windows - Path Conversion Weakness
[27051] Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
[26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
[26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
[26323] Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure Vulnerability
[26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
[25962] Microsoft ASP.NET 1.0/1.1 RPC/Encoded Remote Denial of Service Vulnerability
[25737] Microsoft Windows 98SE User32.DLL Icon Handling Denial of Service Vulnerability
[25454] Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability
[25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
[25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
[25268] Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability
[25259] Microsoft Windows XP Local Denial of Service Vulnerability
[25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
[25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
[25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
[24699] Microsoft Windows XP WAV File Handler Denial of Service Vulnerability
[24682] Microsoft Windows XP Weak Default Configuration Vulnerability
[24605] Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability
[24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
[24173] PHP 4.3.x Microsoft Windows Shell Escape Functions Command Execution Vulnerability
[24125] Microsoft Windows XP Self-Executing Folder Vulnerability
[24051] Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability
[23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
[23850] Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
[23717] Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
[23675] Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
[23504] Microsoft Windows XP/2000 showHelp CHM File Execution Weakness
[23247] Microsoft Windows XP/2000 Messenger Service Buffer Overrun Vulnerability
[23229] Microsoft Windows XP/2000/2003 Message Queuing Service Heap Overflow Vulnerability
[23210] Microsoft Windows XP/2000 PostThreadMessage() Arbitrary Process Killing Vulnerability
[23179] Oracle MySQL for Microsoft Windows MOF Execution
[23101] Microsoft Windows 98 Fragmented UDP Flood Denial of Service Vulnerability
[23093] Microsoft Windows XP TCP Packet Information Leakage Vulnerability
[23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
[22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
[22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
[22870] Microsoft Windows XP/2000 RunDLL32.EXE Buffer Overflow Vulnerability
[22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
[22824] Microsoft Windows XP/2000/NT 4 HTML Converter HR Align Buffer Overflow Vulnerability
[22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
[22570] Microsoft Windows Media Player 7.1 Skin File Code Execution Vulnerability
[22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
[22368] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (4)
[22367] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (3)
[22366] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (2)
[22365] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)
[22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
[22303] Microsoft Windows Help program (WinHlp32.exe) Crash PoC
[22289] Microsoft Windows XP/ME Help and Support Center Buffer Overflow Vulnerability
[22255] Microsoft Windows XP/95/98/2000/NT 4 Riched20.dll Attribute Buffer Overflow Vulnerability
[22245] Microsoft Windows NT/2000 cmd.exe CD Buffer Overflow Vulnerability
[22232] Microsoft Windows XP HCP URI Buffer Overflow Vulnerability
[22225] Microsoft Windows XP Redirector Privilege Escalation Vulnerability
[22194] Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability
[22132] Microsoft Windows XP/2000 Fontview Denial of Service Vulnerability
[21717] Microsoft Windows XP HCP URI Handler Abuse Vulnerability
[21670] Microsoft Windows Media Player 6/7 Filename Buffer Overflow Vulnerability
[21485] Microsoft Windows 95/98/2000/NT4 WinHlp Item Buffer Overflow Vulnerability
[21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
[21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
[21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
[21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
[21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
[21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
[21240] Microsoft Windows XP .Manifest Denial of Service Vulnerability
[21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
[21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
[21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
[21130] Microsoft Windows NT 3/4 CSRSS Memory Access Violation Vulnerability
[21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
[21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
[21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
[21047] Microsoft Windows NT 4.0 NT4ALL DoS Vulnerability
[20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
[20861] Microsoft Windows Kernel Intel x64 SYSRET PoC
[20613] Microsoft Windows 98/2000 UDP Socket DoS Vulnerability
[20596] Microsoft Windows NT 4.0 Networking Mutex DoS Vulnerability
[20564] Microsoft Windows NT 4.0 SNMP-WINS DoS Vulnerability
[20553] Microsoft Windows Media Player 7.0 .WMZ Arbitrary Java Applet Vulnerability
[20528] Microsoft Windows Media Player 7.0 Javascript URL Vulnerability
[20460] Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
[20427] Microsoft Windows Media Player 7.0 .ASX Buffer Overflow Vulnerability
[20424] Microsoft Windows Media Player 7.0 .WMS Arbitrary Script Vulnerability
[20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
[20371] Microsoft Windows 95/WfW smbclient Directory Traversal Vulnerability
[20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
[20317] Microsoft Windows NT 4.0 MSIEXEC Registry Permissions Vulnerability
[20288] Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
[20284] Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (2)
[20283] Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (1)
[20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
[20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
[20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
[20254] Microsoft Windows NT 4.0 Invalid LPC Request DoS Vulnerability
[20243] Microsoft Windows Script Host 5.1/5.5 GetObject() File Disclosure Vulnerability
[20240] Microsoft Windows Media Player 7 Embedded OCX Control Vulnerability
[20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
[20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
[20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
[20106] Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability
[20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
[20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
[19974] Microsoft Windows Media Services 4.0/4.1 DoS Vulnerability
[19889] Microsoft Windows 95/98 NetBIOS NULL Name Vulnerability
[19798] Microsoft Windows NT 4.0 User Shell Folders Vulnerability
[19759] Microsoft Windows Media Services 4.0/4.1 Handshake Sequence DoS
[19754] Microsoft Windows 95/98/NT 4.0 autorun.inf Vulnerability
[19739] Microsoft Windows NT 4.0 Recycle Bin Pre-created Folder Vulnerability
[19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
[19673] Microsoft Windows 95/98/NT 4.0 Help File Trojan Vulnerability
[19578] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (2)
[19577] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (1)
[19502] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 RASMAN Privilege Escalation Vulnerability
[19489] Microsoft Windows NT 4.0 DCOM Server Vulnerability
[19462] Microsoft Windows 95/98 IE5/Telnet Heap Overflow Vulnerability
[19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
[19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
[19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
[19359] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4,Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 Screensaver Vulnerability
[19239] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability
[19238] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 DoS Duplicate Hostname Vulnerability
[19211] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Phonebook Buffer Overflow Vulnerability
[19209] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Help File Buffer Overflow Vulnerability
[19198] Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability
[19197] Microsoft Windows NT <= 4.0 SP5,Terminal Server 4.0 "Pass the Hash" with Modified SMB Client Vulnerability
[19196] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Dial-up Networking "Save Password" Vulnerability
[19195] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
[19143] Microsoft Windows "April Fools 2001" Vulnerability
[19113] Microsoft Windows NT 3.5.1 SP2/3.5.1 SP3/3.5.1 SP4/3.5.1 SP5/4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Telnetd Vulnerability
[19103] HP HP-UX <= 10.34,Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3
[19002] Microsoft Windows OLE Object File Handling Remote Code Execution
[18819] Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability
[18372] Microsoft Windows Assembly Execution Vulnerability MS12-005
[17305] Microsoft Windows Vista/Server 2008 "nsiproxy.sys" Local Kernel DoS Exploit
[17133] Microsoft Windows xp AFD.sys Local Kernel DoS Exploit
[17037] PostgreSQL for Microsoft Windows Payload Execution
[16957] Oracle MySQL for Microsoft Windows Payload Execution
[16749] Microsoft RPC DCOM Interface Overflow
[16748] Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)
[16660] Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
[16574] Microsoft Windows Shell LNK Code Execution
[16374] Microsoft Windows Authenticated User Code Execution
[16366] Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
[16363] Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
[16360] Microsoft Windows SMB Relay Code Execution
[15839] Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption
[14778] Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)
[14733] Microsoft Windows 7 wab.exe DLL Hijacking Exploit (wab32res.dll)
[14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
[14705] Microsoft Windows (IcmpSendEcho2Ex interrupting) Denial of Service Vulnerability
[14674] Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)
[14670] Microsoft Windows nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks (MS10-047)
[14669] Microsoft Windows win32k!GreStretchBltInternal() Does Not Handle src == dest
[14668] Microsoft Windows win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks
[14667] Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)
[14666] Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)
[14611] Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation Vulnerability (MS10-048)
[14610] Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
[14608] Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)
[14566] Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow
[14403] Microsoft Windows Automatic LNK Shortcut File Code Execution
[13808] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
[13532] MS Windows (DCOM RPC2) Universal Shellcode
[12564] Microsoft Windows Outlook Express and Windows Mail Integer Overflow
[11195] Microsoft Windows Defender ActiveX Heap Overflow PoC
[10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
[9301] Microsoft Windows XP (win32k.sys) Local Privilege Escalation Exploit
[4934] MS Windows Message Queuing Service RPC BOF Exploit (dnsname)
[4745] MS Windows Message Queuing Service RPC BOF Exploit (MS07-065)
[4045] Microsoft Windows Animated Cursor Stack Overflow Exploit
[3737] MS Windows DNS RPC Remote Buffer Overflow Exploit (win2k SP4)
[3453] MS Windows DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption
[1352] Microsoft Windows DTC Remote Exploit (PoC) (MS05-051) (updated)
[293] MS Windows Lsasrv.dll RPC Remote Buffer Overflow Exploit (MS04-011)
[117] MS Windows XP/2000 RPC Remote (non exec memory) Exploit
[109] MS Windows (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
[103] MS Windows (RPC DCOM2) Remote Exploit (MS03-039)
[100] MS Windows (RPC DCOM) Long Filename Overflow Exploit (MS03-026)
[97] MS Windows (RPC DCOM) Scanner (MS03-039)
[76] MS Windows (RPC DCOM) Remote Exploit (Universal Targets)
[70] MS Windows (RPC DCOM) Remote Exploit (48 Targets)
[69] MS Windows RPC DCOM Remote Exploit (18 Targets)
[66] MS Windows (RPC DCOM) Remote Exploit (w2k+XP Targets)
[64] MS Windows (RPC DCOM) Remote Buffer Overflow Exploit
[61] MS Windows 2000 RPC DCOM Interface DoS Exploit
[5] MS Windows RPC Locator Service Remote Exploit
OpenVAS (Nessus) - http://www.openvas.org:
[903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
[903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
[903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
[903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
[902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
[902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
[902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
[902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
[902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
[902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
[902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
[902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
[902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
[902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
[902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
[902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
[902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
[902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
[902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
[902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
[902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
[902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
[902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
[902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
[902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
[902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
[902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
[902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
[902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
[902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
[902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
[902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
[902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
[902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
[902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
[902425] Microsoft Windows SMB Accessible Shares
[902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
[902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
[902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
[902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
[902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
[902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
[902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
[902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
[902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
[902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
[902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
[902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
[902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
[902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
[902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
[902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
[902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
[902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
[902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
[902033] Microsoft Windows '.ani' file Denial of Service vulnerability
[901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
[901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
[901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
[901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
[901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
[901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
[901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
[901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
[901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
[901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
[901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
[901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
[901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
[901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
[901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
[901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
[901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
[901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
[901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
[900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
[900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
[900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
[900956] Microsoft Windows Patterns & Practices EntLib Version Detection
[900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
[900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
[900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
[900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
[900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
[900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
[900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
[900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
[900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
[900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
[900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
[900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
[900568] Microsoft Windows Search Script Execution Vulnerability (963093)
[900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
[900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
[900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
[900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
[900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
[900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
[900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
[900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
[900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
[900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
[900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
[900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
[900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
[900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
[900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
[900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
[900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
[900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
[900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
[900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
[900173] Microsoft Windows Media Player Version Detection
[900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
[900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
[803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
[802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
[802677] CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)
[802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
[802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
[802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
[802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
[802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
[802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
[802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
[802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
[801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
[801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
[801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
[801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
[801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
[801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
[801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
[801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
[801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
[801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
[801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
[801669] Microsoft Windows IIS FTP Server DOS Vulnerability
[801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
[801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
[801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
[801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
[801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
[801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
[801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
[801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
[801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
[801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
[801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
[801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
[801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
[800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
[800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
[800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
[800504] Microsoft Windows XP SP3 denial of service vulnerability
[800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
[800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
[800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
[800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
[800331] Microsoft Windows Live Messenger Client Version Detection
[800328] Integer Overflow vulnerability in Microsoft Windows Media Player
[800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
[800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
[102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
[102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
[102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
[102015] Microsoft RPC Interface Buffer Overrun (KB824146)
[100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
[100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
[100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
[90024] Windows Vulnerability in Microsoft Jet Database Engine
[11808] Microsoft RPC Interface Buffer Overrun (823980)
[903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
[903030] Google Chrome Multiple Vulnerabilities(02) - May 12 (Windows)
[903029] Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)
[903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
[903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
[903014] Adobe Flash Player/Air Code Execution and DoS Vulnerabilities (Windows)
[903007] Google Chrome Full Sandbox Escape and Code Execution Vulnerability (Windows)
[903004] Google Chrome Multiple Vulnerabilities (Windows) - Mar 12
[903003] GOM Media Player 'Open URL' Feature Unspecified Vulnerability (Windows)
[903002] GOM Media Player 'AVI' File Unspecified Vulnerability (Windows)
[903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
[902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
[902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
[902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
[902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
[902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
[902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
[902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
[902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
[902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
[902917] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)
[902914] Microsoft IIS GET Request Denial of Service Vulnerability
[902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
[902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
[902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
[902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
[902907] Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653)
[902903] Google Chrome Multiple Vulnerabilities - Jan12 (Windows)
[902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
[902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
[902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
[902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
[902836] PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability (Windows)
[902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
[902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
[902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
[902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
[902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
[902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
[902810] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
[902808] IBM Lotus Symphony Image Object Integer Overflow Vulnerability (Windows)
[902798] Microsoft SMB Signing Enabled and Not Required At Server
[902797] Microsoft SMB Signing Information Disclosure Vulnerability
[902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
[902792] MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637)
[902791] MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719)
[902786] Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows)
[902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
[902781] Windows Media Player Denial Of Service Vulnerability
[902775] Mozilla Products Multiple Vulnerabilities - Dec 11 (Windows)
[902774] Mozilla Products DOMAttrModified Memory Corruption Vulnerability (Windows)
[902770] FFFTP Untrusted Search Path Vulnerability (Windows) - Dec 11
[902768] MS Windows Active Directory Remote Code Execution Vulnerability (2640045)
[902767] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
[902765] Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
[902760] ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
[902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
[902738] Adobe Flash Player Multiple Vulnerabilities September-2011 (Windows)
[902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
[902725] Nfs-utils rpc.statd Multiple Remote Format String Vulnerabilities
[902709] Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
[902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
[902705] VLC Media Player '.AVI' File BOF Vulnerability (Windows)
[902704] VLC Media Player '.RM' File BOF Vulnerability (Windows)
[902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
[902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
[902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
[902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
[902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
[902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
[902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
[902679] Google SketchUp '.SKP' File Remote Code Execution Vulnerability (Windows)
[902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
[902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
[902669] Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
[902666] Opera Multiple Vulnerabilities - March12 (Windows)
[902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
[902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
[902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
[902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
[902657] Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)
[902653] MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428)
[902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
[902645] Google Chrome Multiple Vulnerabilities - December11 (Windows)
[902643] Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2620712)
[902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
[902638] Apple iTunes Remote Code Execution Vulnerability (Windows)
[902635] Google Chrome V8 Remote Code Execution Vulnerability (Windows)
[902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
[902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
[902614] Google Chrome Secure Cookie Security Bypass Vulnerability (Windows)
[902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
[902603] VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Windows)
[902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
[902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
[902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
[902561] McAfee SaaS Endpoint Protection Version Detection (Windows)
[902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
[902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
[902549] Oracle VM VirtualBox Unspecified Vulnerability (Windows)
[902546] IBM Informix Dynamic Server Oninit Remote Code Execution Vulnerability (Windows)
[902545] IBM Informix Dynamic Server Version Detection (Windows)
[902538] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2555917)
[902529] ejabberd Version Detection (Windows)
[902527] ejabberd XML Parsing Denial of Service Vulnerability (Windows)
[902525] Oracle Java SE Multiple Unspecified Vulnerabilities 01 - June11 (Windows)
[902524] Oracle Java SE Multiple Unspecified Vulnerabilities - June11 (Windows)
[902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
[902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
[902518] Microsoft .NET Framework Security Bypass Vulnerability
[902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
[902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
[902499] MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)
[902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
[902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
[902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
[902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
[902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
[902486] Windows Mail and Windows Meeting Space Remote Code Execution Vulnerability (2620704)
[902485] Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2617657)
[902483] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
[902482] MS Windows Ancillary Function Driver Privilege Elevation Vulnerability (2592799)
[902477] CDE ToolTalk RPC Database Server Multiple Vulnerabilities
[902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
[902462] CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
[902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
[902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
[902444] MS Windows Threat Management Gateway Firewall Client Remote Code Execution Vulnerability (2520426
[902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
[902442] MS Windows Ancillary Function Driver Privilege Elevation Vulnerability
[902441] Windows MHTML Information Disclosure Vulnerability (2544893)
[902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
[902424] MS Windows Ancillary Function Driver Privilege Elevation Vulnerabilities (2645640)
[902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
[902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
[902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
[902409] Windows MHTML Information Disclosure Vulnerability (2503658)
[902408] Windows Fax Cover Page Editor Remote Code Execution Vulnerability (2527308)
[902400] Adobe Products Remote Memory Corruption Vulnerability (Windows)
[902399] LibreOffice LWP File Processing Multiple Buffer Overflow Vulnerabilities (Windows)
[902398] LibreOffice Version Detection (Windows)
[902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
[902392] Google Chrome Multiple Vulnerabilities (Windows) - June 11
[902387] Adobe Reader/Acrobat Security Bypass Vulnerability (Windows)
[902382] Google Chrome Multiple Vulnerabilities May11 (Windows)
[902379] Adobe Reader/Acrobat Memory Corruption Vulnerability (Windows)
[902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
[902373] Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
[902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
[902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
[902363] Windows OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (2507618)
[902353] Oracle Java SE Code Execution Vulnerabilities (Windows)
[902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
[902350] Oracle Java SE Code Execution Vulnerability (Windows-01)
[902349] Oracle Java SE Code Execution Vulnerability (Windows)
[902347] Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
[902344] Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
[902341] VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)
[902340] VLC Media Player '.mkv' Code Execution Vulnerability (Windows)
[902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
[902334] Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
[902333] Tor Unspecified Heap Based Buffer Overflow Vulnerability (Windows)
[902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
[902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
[902323] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (981957)
[902322] Windows Local Procedure Call Privilege Elevation Vulnerability (2360937)
[902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
[902306] Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability (Windows)
[902305] Mozilla Firefox Information Disclosure Vulnerability (Windows)
[902303] Adobe Products Content Code Execution Vulnerability (Windows)
[902301] Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546)
[902293] Metasploit Framework Version Detection (Windows)
[902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
[902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
[902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
[902278] MS Windows ICSW Remote Code Execution Vulnerability (2443105)
[902275] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2436673)
[902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
[902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
[902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
[902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
[902254] Microsoft Office Products Insecure Library Loading Vulnerability
[902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
[902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
[902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
[902242] Mozilla Products Insecure Library Loading Vulnerability (Windows)
[902239] Wireshark File Opening Insecure Library Loading Vulnerability (Windows)
[902238] Skype Insecure Library Loading Vulnerability (Windows)
[902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
[902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
[902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
[902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
[902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
[902204] Mozilla Products Multiple Vulnerabilities june-10 (Windows)
[902203] Opera Browser Multiple Vulnerabilities (Windows)
[902197] Wireshark SMB PIPE Dissector Denial of Service Vulnerability (Windows)
[902196] Wireshark SMB dissector Denial of Service Vulnerability (Windows)
[902195] Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)
[902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
[902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
[902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
[902186] Mozilla Firefox Multiple Denial Of Service vulnerabilities (Windows)
[902185] Mozilla Products 'IFRAME' Denial Of Service vulnerability (Windows)
[902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
[902182] Opera Browser Multiple Denial Of Service Vulnerability (Windows)
[902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
[902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
[902167] Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)
[902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
[902161] Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
[902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
[902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
[902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
[902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
[902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
[902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
[902149] Mozilla Products Multiple Vulnerabilities Mar-10 (Windows)
[902147] Mozilla Firefox Unspecified Vulnerability Mar-10 (Windows)
[902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
[902130] Mozilla Products Multiple Vulnerabilities feb-10 (Windows)
[902128] Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
[902120] Google Chrome Multiple Vulnerabilities - (Windows)
[902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
[902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
[902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
[902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
[902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
[902098] Novell iPrint Client Multiple Vulnerabilities (windows)
[902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
[902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
[902075] XnView 'MBM' Processing Buffer Overflow Vulnerability (Windows)
[902073] Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
[902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
[902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
[902060] Cybozu Office Authentication Bypass Vulnerability (Windows)
[902045] aMSN session hijack vulnerability (Windows)
[902044] aMSN Version Detection (Windows)
[902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
[902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
[902027] Mozilla Firefox Unspecified Vulnerability (Windows)
[902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
[901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
[901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
[901206] Check RPC rstatd Service Running
[901197] Google Chrome multiple vulnerabilities - March 11 (Windows)
[901190] Google Chrome Use-After-Free Vulnerability (Windows)
[901182] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2479628)
[901181] Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2476687)
[901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
[901174] OpenSC Version Detection (Windows)
[901173] Windows Backup Manager Remote Code Execution Vulnerability (2478935)
[901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
[901165] Windows Common Control Library Remote Code Execution Vulnerability (2296011)
[901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
[901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
[901153] Google Chrome multiple vulnerabilities Sep-10 (Windows)
[901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
[901145] FreeType Unspecified Vulnerability (Windows)
[901144] FreeType Version Detection (Windows)
[901143] FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
[901142] FreeType Multiple denial of service vulnerabilities (Windows)
[901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
[901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
[901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
[901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
[901082] IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
[901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
[901047] MS Windows License Logging Server Remote Code Execution Vulnerability (974783)
[901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
[901039] Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
[900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
[900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
[900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
[900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
[900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
[900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
[900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
[900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
[900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
[900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
[900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
[900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
[900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
[900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
[900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
[900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
[900808] Microsoft Visual Products Version Detection
[900799] Ruby Interpreter Version Detection (Windows)
[900752] XnView DICOM Parsing Integer Overflow Vulnerability (Windows)
[900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
[900725] Ruby Interpreter Heap Overflow Vulnerability (Windows) - Dec09
[900724] Windows XP 'SPI_GETDESKWALLPAPER' DoS Vulnerability
[900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
[900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
[900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
[900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
[900669] Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
[900668] Vulnerability in RPC Could Allow Elevation of Privilege (970238)
[900602] RPC portmapper
[900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
[900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
[900567] Microsoft IIS Security Bypass Vulnerability (970483)
[900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
[900479] PostgreSQL Version Detection (Windows)
[900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
[900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
[900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
[900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
[900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
[900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
[900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
[900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
[900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
[900322] Tor Replay Attack Vulnerability (Windows)
[900314] Microsoft XML Core Service Information Disclosure Vulnerability
[900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
[900302] MS Windows taskmgr.exe Information Disclosure Vulnerability
[900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
[900298] MS Windows Remote Access Service NDISTAPI Driver Privilege Elevation Vulnerability (2566454)
[900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
[900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
[900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
[900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
[900283] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2506223)
[900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
[900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
[900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
[900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
[900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
[900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
[900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
[900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
[900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
[900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
[900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
[900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
[900218] IBM DB2 Server Detection (Windows)
[900192] Microsoft Internet Explorer Information Disclosure Vulnerability
[900187] Microsoft Internet Explorer Argument Injection Vulnerability
[900170] Microsoft iExplorer '&NBSP
[900131] Microsoft Internet Explorer Denial of Service Vulnerability
[900128] CuteNews Version Detection for Windows
[900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
[900123] Apple iTunes Version Detection for Windows
[900120] Microsoft Organization Chart Remote Code Execution Vulnerability
[900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
[900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
[900094] Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
[900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
[900092] Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
[900086] Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
[900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
[900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
[900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
[900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
[900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
[900060] Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
[900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
[900052] Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)
[900051] Windows Kernel Elevation of Privilege Vulnerability (954211)
[900049] Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
[900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
[900047] Microsoft Office nformation Disclosure Vulnerability (957699)
[900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
[900045] Windows Media Player 11 Remote Code Execution Vulnerability (954154)
[900044] Windows Media Encoder 9 Remote Code Execution Vulnerability (954156)
[900036] Opera Version Detection for Windows
[900034] Windows Messenger Could Allow Information Disclosure Vulnerability (955702)
[900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
[900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
[900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
[900025] Microsoft Office Version Detection
[900012] Enumerates List of Windows Hotfixes
[900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
[900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
[900003] Apple Safari Detect Script (Windows)
[900002] Apple Safari for Windows Multiple Vulnerabilities July-08
[900001] Opera for Windows Unspecified Code Execution Vulnerabilities July-08
[860852] Fedora Update for libtirpc FEDORA-2008-1017
[860389] Fedora Update for libtirpc FEDORA-2008-9204
[855770] Solaris Update for rpc.nisd 140917-02
[855741] Solaris Update for rpc.nisd 140918-02
[855685] Solaris Update for rpc.nisd 140917-01
[855672] Solaris Update for rpc.nisd 140918-01
[855563] Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112847-01
[855554] Solaris Update for librpcsvc 127549-01
[855522] Solaris Update for librpcsvc 127548-01
[855518] Solaris Update for rpc.ypupdated 139986-01
[855515] Solaris Update for usr/sbin/rpc.metad 139967-01
[855503] Solaris Update for rpcsec_gss 126929-02
[855466] Solaris Update for OpenWindows 3.6.1 108117-06
[855441] Solaris Update for ypserv/ypxfrd/rpc.yppasswdd 114342-12
[855436] Solaris Update for rpc.ypupdated 138886-01
[855419] Solaris Update for librpcsvc 123397-01
[855408] Solaris Update for rpc.ypupdated 138575-01
[855393] Solaris Update for OpenWindows 3.6.2 111626-04
[855385] Solaris Update for rpc.ypupdated 140102-01
[855364] Solaris Update for librpcsvc 123396-01
[855334] Solaris Update for OpenWindows 3.6.2 113792-01
[855317] Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112875-01
[855246] Solaris Update for OpenWindows 3.7.3 119903-02
[855227] Solaris Update for /usr/lib/netsvc/rwall/rpc.rwalld 112846-01
[855223] Solaris Update for usr/sbin/rpc.metad 138574-01
[855208] Solaris Update for rpc.ypupdated 138576-01
[855196] Solaris Update for NFS Daemon, rpcmod 113278-22
[855173] Solaris Update for OpenWindows 3.7.0 112811-02
[855158] Solaris Update for rpcsec_gss 126928-02
[855128] Solaris Update for rpc.ypupdated 138885-01
[855124] Solaris Update for nfs and rpcmod 116960-21
[855123] Solaris Update for nfs and rpcmod 116959-21
[855098] Solaris Update for NFS Daemon, rpcmod 119439-15
[855057] Solaris Update for OpenWindows 3.6.2 110286-16
[855014] Solaris Update for usr/sbin/rpc.metad 140106-01
[841137] Ubuntu Update for xmlrpc-c USN-1527-2
[840391] Ubuntu Update for xmlrpc-c vulnerabilities USN-890-5
[840163] Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-2
[840047] Ubuntu Update for krb5, librpcsecgss vulnerability USN-511-1
[835182] HP-UX Update for rpcbind HPSBUX02370
[835143] HP-UX Update for rpc.yppasswdd HPSBUX00242
[835134] HP-UX Update for rpcbind Software HPSBUX00169
[835116] HP-UX Update for rpc.ypupdated HPSBUX01002
[835113] HP-UX Update for rpc.mountd HPSBUX00272
[835102] HP-UX Update for rpc.yppasswdd HPSBUX02295
[835100] HP-UX Update for rpc.ttdbserverd HPSBUX00168
[835057] HP-UX Update for RPC HPSBUX00252
[835039] HP-UX Update for RPC HPSBUX01020
[835012] HP-UX Update for rpc.ttdbserver HPSBUX00199
[830306] Mandriva Update for librpcsecgss MDKSA-2007:181 (librpcsecgss)
[803479] Adobe Acrobat Multiple Vulnerabilities - Windows
[803456] Adobe Air Multiple Vulnerabilities - December12 (Windows)
[803454] Adobe Air Multiple Vulnerabilities - November12 (Windows)
[803451] Adobe Air Multiple Vulnerabilities - October 12 (Windows)
[803354] Mozilla Thunderbird Multiple Vulnerabilities-02 November12 (Windows)
[803353] Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows)
[803352] Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Windows)
[803351] Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)
[803350] Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows)
[803349] Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
[803347] Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Windows)
[803336] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 03)
[803335] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 02)
[803334] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01)
[803127] Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
[803121] Google Chrome Multiple Vulnerabilities-02 Dec2012 (Windows)
[803118] Google Chrome Multiple Vulnerabilities-01 Dec2012 (Windows)
[803103] Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows)
[803102] Pidgin MXit Message Parsing Buffer Overflow Vulnerability (Windows)
[803086] LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
[803084] LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
[803083] OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
[803081] Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Windows)
[803074] Adobe Flash Player Multiple Vulnerabilities - December12 (Windows)
[803070] Wireshark Multiple Dissector Multiple Vulnerabilities - Dec12 (Windows)
[803068] Wireshark Multiple Dissector Multiple DoS Vulnerabilities - Dec12 (Windows)
[803064] LibreOffice Import Files Denial of Service Vulnerabilities (Windows)
[803061] Mozilla Firefox Code Execution Vulnerabilities - November12 (Windows)
[803059] Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
[803057] Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows)
[803055] Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)
[803047] Apple QuickTime Multiple Vulnerabilities - Nov12 (Windows)
[803044] Adobe Flash Player Multiple Vulnerabilities - November12 (Windows)
[803043] RealPlayer Watch Folders Function Buffer Overflow Vulnerability (Windows)
[803040] Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
[803038] Google SketchUp '.SKP' File Memory Corruption Vulnerability (Windows)
[803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
[803025] Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Windows)
[803021] Oracle Java SE JRE AWT Component Unspecified Vulnerability - (Windows)
[803020] Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - (Windows)
[803017] Mozilla Firefox Multiple Vulnerabilities - August12 (Windows)
[803015] Mozilla Firefox Multiple Vulnerabilities - August12 (Windows)
[803013] Mozilla Products Memory Corruption Vulnerabilities - August12 (Windows)
[803011] Mozilla Products Multiple Vulnerabilities - August12 (Windows)
[803001] Opera Multiple Vulnerabilities - August12 (Windows)
[802996] Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Windows)
[802994] Mozilla Firefox Multiple Vulnerabilities-01 (Windows)
[802991] Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Windows)
[802989] Mozilla Firefox Multiple Vulnerabilities - Oct 12 (Windows)
[802986] Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows)
[802985] VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability
[802978] Wireshark LDP PPP and HSRP dissector Multiple Vulnerabilities (Windows)
[802975] Google Chrome Windows Kernel Memory Corruption Vulnerability
[802972] Google Chrome Multiple Vulnerabilities - Sep12 (Windows-01)
[802962] Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows)
[802960] Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
[802954] Adobe Reader Multiple Unspecified Vulnerabilities - Windows
[802952] Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Windows)
[802951] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(02) - (Windows)
[802950] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - (Windows)
[802949] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(01) - (Windows)
[802948] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities - (Windows)
[802947] Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)
[802945] Wireshark Multiple Vulnerabilities(01) - August 2012 (Windows)
[802944] Wireshark Multiple Vulnerabilities - August 2012 (Windows)
[802943] Wireshark GSM RLC MAC dissector Buffer Overflow Vulnerability (Windows)
[802940] Adobe Flash Player Font Parsing Code Execution Vulnerability - (Windows)
[802938] Adobe Shockwave Player Multiple Vulnerabilities - August 2012 (Windows)
[802936] Adobe Reader Multiple Vulnerabilities - Windows
[802935] Pidgin 'Libpurple' Cipher API Information Disclosure Vulnerability (Windows)
[802932] Google Chrome PDF Viewer Multiple Vulnerabilities (Windows)
[802928] Google Chrome Multiple Vulnerabilities - August 12 (Windows)
[802925] Apple Safari Multiple Vulnerabilities - Aug 2012 (Windows)
[802922] VLC Media Player OGG Demuxer Buffer Overflow Vulnerability (Windows)
[802920] VLC Media Player 'MP4' Denial of Service Vulnerability (Windows)
[802917] Google Chrome Multiple Vulnerabilities(01) - July 12 (Windows)
[802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
[802907] Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
[802906] Pidgin MSN and XMPP Denial of Service Vulnerabilities (Windows)
[802898] Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Windows)
[802895] Mozilla Products Memory Corruption Vulnerabilities - July12 (Windows)
[802893] Mozilla Products Certificate Page Clickjacking Vulnerability (Windows)
[802891] Mozilla Firefox Multiple Vulnerabilities - July12 (Windows)
[802889] Mozilla Products Multiple Vulnerabilities - July12 (Windows)
[802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
[802880] Google Chrome Multiple Vulnerabilities - July 12 (Windows)
[802871] Adobe Flash Player Multiple Vulnerabilities June-2012 (Windows)
[802869] Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Windows)
[802865] Mozilla Products Multiple Vulnerabilities - June12 (Windows)
[802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
[802848] Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows)
[802842] Mozilla Products Security Bypass Vulnerability - May12 (Windows)
[802840] Mozilla Products Multiple Vulnerabilities - May12 (Windows)
[802835] Google Chrome Multiple Vulnerabilities-02 - April 12 (Windows)
[802831] EMC NetWorker 'nsrexecd' RPC Packet Denial of Service Vulnerability
[802820] Mozilla Products Multiple Vulnerabilities - Mar12 (Windows)
[802811] Adobe Flash Player Multiple Vulnerabilities (Windows) - Mar12
[802807] Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
[802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
[802803] Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12
[802796] Apple Safari Webkit Multiple Vulnerabilities - May 12 (Windows)
[802795] Apple QuickTime Multiple Vulnerabilities - (Windows)
[802792] Google Chrome Multiple Vulnerabilities - May 12 (Windows)
[802790] Adobe Illustrator Multiple Unspecified Vulnerabilities (Windows)
[802782] Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows)
[802781] Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
[802779] Adobe Shockwave Player Multiple Code Execution and DoS Vulnerabilities (Windows)
[802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
[802772] Adobe Flash Player Object Confusion Remote Code Execution Vulnerability (Windows)
[802761] Wireshark Multiple Vulnerabilities - April 12 (Windows)
[802760] Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Windows)
[802759] Wireshark Multiple Denial of Service Vulnerabilities - April 12 (Windows)
[802748] Adobe Reader Multiple Vulnerabilities April-2012 (Windows)
[802732] Google Chrome Multiple Vulnerabilities - April 12 (Windows)
[802726] Microsoft SMB Signing Disabled
[802722] VLC Media Player Multiple Vulnerabilities - Mar 12 (Windows)
[802717] Google Chrome 'History navigation' Arbitrary Code Execution Vulnerability (Windows)
[802714] Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)
[802713] Pidgin Multiple Denial of Service Vulnerabilities (Windows)
[802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
[802700] Google Chrome 'HTTP session' Information Disclosure Vulnerability (Windows)
[802684] IBM Director CIM Server CIMListener Directory Traversal Vulnerability (Windows)
[802681] Oracle Java SE Hash Collision DoS Vulnerability (Windows)
[802680] Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
[802670] PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)
[802652] Opera URL Processing Arbitrary Code Execution Vulnerability (Windows)
[802649] Opera Multiple Denial of Service Vulnerabilities - June12 (Windows)
[802646] Opera Multiple Vulnerabilities - June12 (Windows)
[802612] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03)
[802611] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02)
[802610] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01)
[802600] IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities (Windows)
[802597] Google Chrome Multiple Vulnerabilities - February 12 (Windows 01)
[802594] Google Chrome Multiple Vulnerabilities - February 12 (Windows)
[802592] Mozilla Products XBL Binding Memory Corruption Vulnerability - (Windows)
[802591] PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)
[802590] PHP 'php_register_variable_ex()' Remote Code Execution Vulnerability (Windows)
[802581] Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)
[802580] Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)
[802579] Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)
[802566] PHP Multiple Denial of Service Vulnerabilities (Windows)
[802562] Strawberry Perl Modules Multiple Vulnerabilities (Windows)
[802558] Adobe Reader/Acrobat Multiple Memory Corruption Vulnerabilities - Windows
[802557] LibreOffice 'DOC' File Denial of Service Vulnerability (Windows)
[802547] Mozilla Firefox Cache Objects History Enumeration Weakness Vulnerability (Windows)
[802545] Mozilla Products Multiple Information Disclosure Vulnerabilities - (Windows)
[802542] Adobe Reader/Acrobat 'U3D' Component Memory Corruption Vulnerability - Windows
[802540] Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
[802518] Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows)
[802517] Mozilla Products Privilege Escalation Vulnerabily (Windows)
[802511] Mozilla Products Multiple Vulnerabilities (Windows)
[802510] Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)
[802509] Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
[802508] Adobe Shockwave Player Multiple Vulnerabilities (Windows) - Nov 2011
[802505] FFFTP Untrusted Search Path Vulnerability (Windows)
[802504] PHP 'is_a()' Function Remote Arbitrary Code Execution Vulnerability (Windows)
[802503] Wireshark CSN.1 Dissector Denial of Service Vulnerability (Windows)
[802502] Wireshark Heap Based BOF and Denial of Service Vulnerabilities (Windows)
[802499] Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802496] Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802490] Google Chrome Multiple Vulnerabilities - Nov2012 (Windows)
[802488] VLC Media Player 'libpng_plugin' Denial of Service Vulnerability (Windows)
[802485] Adobe Shockwave Player Multiple Vulnerabilities Nov-2012 (Windows)
[802482] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows)
[802481] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
[802480] VLC Media Player TiVo Demuxer Double Free Vulnerability (Windows)
[802479] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows)
[802478] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows)
[802473] Google Chrome Multiple Vulnerabilities-02 Oct12 (Windows)
[802470] Google Chrome Multiple Vulnerabilities-01 Oct12 (Windows)
[802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
[802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
[802451] Google Chrome Multiple Vulnerabilities - Sep12 (Windows)
[802450] Opera Address Bar Spoofing Vulnerability (Windows)
[802444] XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
[802443] XnView PSD Record Type Parsing Integer Overflow Vulnerabilities (Windows)
[802435] Opera 'X.509' Certificates Spoofing Vulnerability (Windows)
[802420] VLC Media Player '.amr' File Denial of Service Vulnerability (Windows)
[802403] MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)
[802398] Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)
[802395] Opera Large Integer Argument Denial of Service Vulnerability (Windows)
[802374] Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
[802365] Opera Cache History Information Disclosure Vulnerability (Windows)
[802363] Opera Multiple Information Disclosure Vulnerabilities (Windows)
[802361] Opera Multiple Vulnerabilities - December11 (Windows)
[802358] Google Chrome Cache History Information Disclosure Vulnerabilities (Windows)
[802355] Google Chrome Multiple Information Disclosure Vulnerabilities (Windows)
[802349] PHP EXIF Header Denial of Service Vulnerability (Windows)
[802345] Google Chrome Multiple Vulnerabilities - November11 (Windows)
[802343] ChaSen Buffer Overflow Vulnerability (Windows)
[802340] EtherApe RPC Packet Processing Denial of Service Vulnerability
[802338] Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Windows)
[802332] Opera Extended Validation Information Disclosure Vulnerabilities (Windows)
[802330] PHP Multiple Vulnerabilities (Windows) - Sep 2011
[802326] Google Chrome multiple vulnerabilities - September11 (Windows)
[802316] Google Chrome Multiple Vulnerabilities - August11 (Windows)
[802314] Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
[802313] Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)
[802309] XnView File Search Path Executable File Injection Vulnerability (Windows)
[802303] Google Chrome WebGL Texture Information Disclosure Vulnerability (Windows)
[802300] Tor Directory Authority 'policy_summarize' Denial of Service Vulnerability (Windows)
[802292] IBM Informix Dynamic Server 'oninit.exe' Buffer Overflow Vulnerability (Windows)
[802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
[802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
[802284] Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
[802282] Apple Safari WebKit Information Disclosure Vulnerability (Windows)
[802278] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
[802277] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
[802276] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)
[802275] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)
[802274] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)
[802273] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)
[802262] Google Chrome Multiple Vulnerabilities - October11 (Windows)
[802255] Google Chrome Multiple Vulnerabilities - October11 (Windows)
[802249] Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows)
[802248] Wireshark Multiple Denial of Service Vulnerabilities (Windows)
[802237] Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
[802227] IBM Lotus Symphony Multiple Vulnerabilities (Windows)
[802219] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04
[802218] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
[802217] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
[802216] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
[802215] Mozilla Firefox Security Bypass Vulnerability July-11 (Windows)
[802214] Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows)
[802213] Mozilla Products Multiple Vulnerabilities July-11 (Windows)
[802212] Mozilla Firefox Multiple Vulnerabilities July-11 (Windows)
[802211] Mozilla Products WebGL Information Disclosure Vulnerability July-11 (Windows)
[802206] Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
[802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
[802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
[802201] Wireshark 'bytes_repr_len' Function Denial of Service Vulnerability (Windows)
[802200] Wireshark Multiple Denial of Service Vulnerabilities (Windows)
[802198] Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)
[802175] Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows 01)
[802174] Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption Vulnerabilities (Windows)
[802173] Mozilla Products 'YARR' Code Execution Vulnerability (Windows)
[802172] Mozilla Products Same Origin Policy Bypass Vulnerability (Windows)
[802171] Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (Windows)
[802170] Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Windows)
[802169] Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)
[802166] Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)
[802165] Adobe Reader Unspecified Vulnerability (Windows)
[802163] Calendar Manager Service rpc.cmsd Service Detection
[802153] Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
[802152] Mozilla Products Information Disclosure and Security Bypass Vulnerabilities (Windows)
[802151] Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
[802150] Mozilla Products Multiple Vulnerabilities (Windows)
[802149] Mozilla Firefox Untrusted Search Path Vulnerability (Windows)
[802147] Mozilla Products 'SVG' Code Execution Vulnerability (Windows)
[802141] Opera 'HTTPS-Session' Multiple Vulnerabilities (Windows)
[802138] Mozilla Firefox Multiple Vulnerabilities August-11 (Windows)
[802137] Nfs-utils rpc.rquotad Service Detection
[802133] Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
[802126] Google Chrome 'GetWidget' methods DoS Vulnerability (Windows)
[802119] VLC Media Player 'AMV' Denial of Service Vulnerability (Windows)
[802113] Opera Browser 'SRC' Denial of Service Vulnerability (Windows)
[802112] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802111] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802110] Adobe Reader and Acrobat Multiple BOF Vulnerabilities June-2011 (Windows)
[802107] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802102] Google Chrome Multiple Vulnerabilities - June 11(Windows)
[802100] Mozilla Firefox SSL Certificate Spoofing Vulnerability (Windows)
[801951] Novell iPrint Client 'printer-url' Multiple BOF Vulnerabilities (Windows)
[801937] IBM solidDB RPC Test Commands Denial of Service Vulnerabilities
[801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
[801934] Microsoft Silverlight Version Detection
[801921] Adobe Products Arbitrary Code Execution Vulnerability (Windows)
[801905] Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities March-11 (Windows)
[801904] Mozilla Products Buffer Overflow Vulnerability March-11 (Windows)
[801903] Mozilla Products Multiple Unspecified Vulnerabilities March-11 (Windows)
[801902] Mozilla Products Multiple Vulnerabilities March-11 (Windows)
[801898] TigerVNC SSL Certificate Validation Security Bypass Vulnerability (Windows)
[801897] TigerVNC Version Detection (Windows)
[801890] Google Chrome Multiple Denial of Service Vulnerabilities - May11 (Windows)
[801887] Mozilla Products Unspecified Vulnerability May-11 (Windows)
[801886] Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)
[801885] Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 02
[801884] Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01
[801883] Mozilla Products Multiple Vulnerabilities May-11 (Windows)
[801878] Google Chrome multiple vulnerabilities - May11 (Windows)
[801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
[801875] Mozilla Firefox Information Disclosure Vulnerability (Windows)
[801872] Synergy Protocol Information Disclosure Vulnerability (Windows)
[801871] Synergy Version Detection (Windows)
[801855] Google Chrome multiple vulnerabilities - March 11 (Windows)
[801847] Adobe Flash Player Multiple Vulnerabilities February-2011 (Windows)
[801844] Adobe Reader and Acrobat Multiple Vulnerabilities February-2011 (Windows)
[801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
[801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
[801825] Google Chrome multiple vulnerabilities - Jan11 (Windows)
[801797] Python Multiple Vulnerabilities (Windows)
[801795] Python Version Detection (Windows)
[801792] Adobe Flash Player Multiple Vulnerabilities May-2011 (Windows)
[801790] Perl Denial of Service Vulnerability (Windows)
[801789] Google Chrome 'Sandbox' Remote Code Execution Vulnerability (Windows)
[801788] Opera Browser 'SELECT' HTML Tag Remote Memory Corruption Vulnerability (Windows)
[801786] Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)
[801785] Wireshark X.509if Dissector Denial of service vulnerability (Windows)
[801784] VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Windows)
[801782] VLC Media Player 'Bookmark Creation' Buffer Overflow Vulnerability (Windows)
[801779] RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerability (Windows)
[801776] Google Chrome 'GPU process' Multiple Code Execution Vulnerabilities (Windows)
[801773] Google Chrome 'WebKit' CSS Implementation DoS Vulnerability (Windows)
[801772] Rsync Multiple Denial of Service Vulnerabilities (Windows)
[801771] Perl Laundering Security Bypass Vulnerability (Windows)
[801770] Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability (Windows)
[801769] Google Picasa Version Detection (Windows)
[801768] RealNetworks RealPlayer IVR File Processing Buffer Overflow Vulnerability (Windows)
[801763] Google Chrome Multiple Vulnerabilities - March 11(Windows)
[801761] Wireshark Denial of Service Vulnerability March-11 (Windows)
[801758] Wireshark Denial of Service Vulnerability March-11 (Windows)
[801757] Wireshark Multiple Vulnerabilities March-11 (Windows)
[801756] Wireshark Denial of Service Vulnerability - March-11 (Windows)
[801755] Wireshark Multiple Vulnerabilities - March-11 (Windows)
[801749] RealNetworks RealPlayer Buffer Overflow Vulnerability (Windows)
[801747] Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
[801742] Wireshark Denial of Service Vulnerability (Windows)
[801739] Google Chrome multiple vulnerabilities - February 11(Windows)
[801728] Opera Browser Multiple Vulnerabilities Feb-11 (Windows)
[801726] VLC Media Player 'CDG decoder' multiple buffer overflow vulnerabilities (Windows)
[801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
[801723] Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
[801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
[801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
[801714] Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
[801712] Vulnerability in RPC Could Allow Denial of Service (933729)
[801709] Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
[801708] Vulnerability in Windows Media File Format Could Allow Remote Code Execution
[801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
[801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
[801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
[801680] Apple QuickTime Multiple vulnerabilities - Dec10 (Windows)
[801678] Google Chrome multiple vulnerabilities - Dec10 (Windows)
[801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
[801667] Google Chrome multiple vulnerabilities - Dec 10(Windows)
[801637] Mozilla Firefox Security Bypass Vulnerability (Windows)
[801629] Adobe Flash Player Multiple Vulnerabilities (Windows)
[801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
[801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
[801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
[801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
[801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
[801581] MS Windows HID Functionality(Over USB) Code Execution Vulnerability
[801561] VMware Products Tools Local Privilege Escalation Vulnerability (Windows)
[801540] Google Chrome multiple vulnerabilities - November 10(Windows)
[801530] Oracle Java SE Multiple Vulnerabilities (Windows)
[801524] Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
[801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
[801506] RealNetworks RealPlayer Multiple Vulnerabilities (Windows)
[801499] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801498] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801497] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801495] Opera Browser Multiple Vulnerabilities December-10 (Windows)
[801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
[801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
[801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
[801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
[801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
[801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
[801477] Adobe Products Content Code Execution Vulnerability (Windows)
[801475] Mozilla Firefox Unspecified Vulnerability Oct-10 (Windows)
[801474] Opera Browser Multiple Vulnerabilities October-10 (Windows)
[801473] Google Chrome multiple vulnerabilities - October 10(Windows)
[801471] Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows)
[801470] Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows)
[801469] Mozilla Products Unspecified Vulnerability (Windows)
[801468] Mozilla Products Multiple Unspecified Vulnerabilities (Windows)
[801467] Mozilla Products Multiple Vulnerabilities October-10 (Windows)
[801465] Adobe Flash Player Untrusted search path vulnerability (windows)
[801460] Google Chrome multiple unspecified vulnerabilities - October 10(Windows)
[801452] Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (Windows)
[801451] Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows)
[801450] Mozilla Products Multiple Vulnerabilities sep-10 (Windows)
[801447] Google Chrome multiple vulnerabilities (Windows) Sep10
[801429] VLC Media Player Meta-Information Denial of Service Vulnerability (Windows)
[801423] Novell iPrint Client Multiple Security Vulnerabilities (Windows)
[801399] MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
[801386] Mozilla Products Multiple Vulnerabilitie july-10 (Windows)
[801385] Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
[801365] Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
[801358] MS Windows Help and Support Center Remote Code Execution Vulnerability
[801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
[801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
[801347] Mozilla Firefox 'IFRAME' Denial Of Service vulnerability (Windows)
[801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
[801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
[801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
[801331] Opera Browser 'document.write()' Code execution Vulnerability (Windows)
[801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
[801329] Google Chrome Cross Site Data Leakage Vulnerability (Windows)
[801319] VMware Products Multiple Vulnerabilities (Windows)
[801302] Skype Extras Manager Unspecified Vulnerability (Windows)
[801301] Skype Version Detection (Windows)
[801257] Opera Browser Multiple Vulnerabilities August-10 (Windows)
[801216] Opera 'IFRAME' Denial Of Service vulnerability (Windows)
[801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
[801034] Wireshark 'DCERPC/NT' Dissector DOS Vulnerability - Nov09 (Win)
[801000] Visualization Library Multiple Unspecified Vulnerabilities (Windows)
[800999] Visualization Library Version Detection (Windows)
[800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
[800967] Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
[800966] Perl Version Detection (Windows)
[800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
[800902] Microsoft Internet Explorer XSS Vulnerability - July09
[800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
[800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
[800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
[800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
[800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
[800770] Google Chrome Multiple Vulnerabilities Windows - May10
[800761] HP System Management Homepage Unspecified Vulnerability (Windows)
[800755] Mozilla Products Firebug Code Execution Vulnerability (Windows)
[800753] Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)
[800752] Mozilla Products Multiple Code Execution vulnerabilities (Windows
[800751] Mozilla Products 'nsTreeSelection' Denial of Service vulnerability (Windows)
[800750] Mozilla Products Denial of Service Vulnerability (Windows)
[800742] Microsoft Internet Explorer Unspecified vulnerability
[800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
[800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
[800505] Microsoft HTML Help Workshop buffer overflow vulnerability
[800499] Oracle Java SE Multiple Vulnerabilities (Windows)
[800481] Microsoft SharePoint Cross Site Scripting Vulnerability
[800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
[800435] Google SketchUp Multiple Vulnerabilities (Windows)
[800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
[800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
[800347] Microsoft Internet Explorer Clickjacking Vulnerability
[800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
[800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
[800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
[800247] Wireshark Multiple Vulnerabilities Feb-09 (Windows)
[800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
[800217] Microsoft Money Version Detection
[800215] PGP Desktop Version Detection (Windows)
[800209] Microsoft Internet Explorer Version Detection (Win)
[800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
[800192] HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Windows
[800120] Google Chrome Version Detection (Windows)
[800106] Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
[800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
[800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
[800040] Wireshark Multiple Vulnerabilities - Oct08 (Windows)
[800016] Mozilla SeaMonkey Version Detection (Windows)
[800000] VMWare products version detection (Windows)
[103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
[101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
[101018] Windows SharePoint Services detection
[101017] Microsoft MS03-018 security check
[101016] Microsoft MS03-022 security check
[101015] Microsoft MS03-034 security check
[101014] Microsoft MS00-078 security check
[101012] Microsoft MS03-051 security check
[101010] Microsoft Security Bulletin MS05-004
[101009] Microsoft Security Bulletin MS06-033
[101007] Microsoft dotNET version grabber
[101006] Microsoft Security Bulletin MS06-056
[101005] Microsoft Security Bulletin MS07-040
[101004] Microsoft MS04-017 security check
[101003] Microsoft MS00-058 security check
[101000] Microsoft MS00-060 security check
[100952] Microsoft IIS FTPd NLST stack overflow
[100950] Microsoft DNS server internal hostname disclosure detection
[100798] MailEnable 'MESMTRPC.exe' SMTP Service Multiple Remote Denial of Service Vulnerabilities
[100608] Windows NT NNTP Component Buffer Overflow
[100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
[100529] PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities
[100357] Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
[100062] Microsoft Remote Desktop Protocol Detection
[96204] Get Windows Eventlog Entries over WMI
[90020] Windows vulnerability in DNS Client Could Allow Spoofing (945553)
[80036] rpc.ypupdated remote execution
[80034] irix rpc.passwd overflow
[80029] rpc.nisd overflow
[80007] Microsoft MS00-06 security check
[65954] SLES10: Security update for librpcsecgss
[64922] Debian Security Advisory DSA 1890-1 (wxwindows2.4 wxwidgets2.6 wxwidgets2.8)
[58670] Debian Security Advisory DSA 1387-1 (librpcsecgss)
[58588] Debian Security Advisory DSA 1368-1 (librpcsecgss)
[55127] Gentoo Security Advisory GLSA 200508-13 (pear-xml_rpc phpxmlrpc)
[55050] FreeBSD Ports: pear-XML_RPC
[54977] Gentoo Security Advisory GLSA 200507-01 (pear-xml_rpc phpxmlrpc)
[54206] FreeBSD Ports: pear-XML_RPC
[53990] FreeBSD Ports: pear-XML_RPC
[53957] Slackware Advisory SSA:2005-111-02 Python SimpleXMLRPCServer module
[53601] Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)
[53163] Debian Security Advisory DSA 466-1 (kernel-source-2.2.10, kernel-image-2.2.10-powerpc-apus)
[53114] Debian Security Advisory DSA 417-1 (kernel-patch-2.4.18-powerpc, kernel-image-2.4.18-1-alpha)
[20377] Windows Server Update Services detection
[15467] Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
[14229] HTTP Directory Traversal (Windows)
[13752] Denial of Service (DoS) in Microsoft SMS Client
[11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
[11887] Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
[11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
[11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
[11429] Windows Messenger is installed
[11418] Sun rpc.cmsd overflow
[11340] SSH Secure-RPC Weak Encrypted Authentication
[11217] Microsoft's SQL Version Query
[11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
[11160] Windows Administrator NULL FTP password
[11159] MS RPC Services null pointer reference DoS
[11147] Unchecked Buffer in Windows Help(Q323255)
[11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
[11111] rpcinfo -p
[11091] Windows Network Manager Privilege Elevation (Q326886)
[11067] Microsoft's SQL Hello Overflow
[10964] Windows Debugger flaw can Lead to Elevated Privileges (Q320206)
[10930] HTTP Windows 98 MS/DOS device names DOS
[10929] FTP Windows 98 MS/DOS device names DOS
[10862] Microsoft's SQL Server Brute Force
[10763] Detect the HTTP RPC endpoint mapper
[10755] Microsoft Exchange Public Folders Information Leak
[10680] Test Microsoft IIS Source Fragment Disclosure
[10674] Microsoft's SQL UDP Info Query
[10673] Microsoft's SQL Blank Password
[10491] ASP/ASA source using Microsoft Translate f: bug
[10144] Microsoft SQL TCP/IP listener is running
[2497] IBM Lotus Domino Notes RPC Authentication Processing Denial of Service Vulnerability
SecurityTracker - https://www.securitytracker.com:
[1025937] Microsoft Windows DHCPv6 Processing Flaw Lets Remote Denial of Service to RPC Services
[1024441] Microsoft Windows RPC Memory Allocation Error Lets Remote Users Execute Arbitrary Code
[1017910] Microsoft Windows DNS Service RPC Stack Overflow Lets Remote Users Execute Arbitrary Code
[1015233] Microsoft Windows RPC Service May Let Remote Users Deny Service
[1014417] Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users
[1009762] Microsoft Windows COM Internet Services and RPC over HTTP Can Be Crashed By Remote Users
[1007922] Microsoft Windows RPC Multi-threaded Race Condition Lets Remote Users Crash the Service or Execute Arbitrary Code
[1007670] Microsoft Windows Remote Procedure Call (RPC) DCOM Activation Buffer Overflows Let Remote Users Execute Arbitrary Code
[1007212] Microsoft Windows Remote Procedure Call (RPC) Service Buffer Overflow in Processing DCOM Requests Allows Remote Code Execution
[1005455] Microsoft Windows Remote Procedure Call (RPC) Service Null Pointer Dereference Allows Remote Users to Crash the Service
[1002394] Microsoft Windows NT Remote Procedure Call (RPC) Services Can Be Crashed With Malformed Packets
[1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
[1028906] Windows RPC Bug Lets Local Users Gain Elevated Privileges
[1028903] Microsoft Windows Unicode Scripts Processor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1028754] Microsoft Windows Defender Pathname Bug Lets Local Users Gain Elevated Privileges
[1028748] Microsoft Windows GDI+ TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1027934] Microsoft Windows Includes Some Invalid TURKTRUST Certificates
[1027389] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027385] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027384] Microsoft Host Integration Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027383] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027381] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027380] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027114] Microsoft Windows Includes Some Invalid Certificates
[1027043] Microsoft Windows Partition Manager Memory Allocation Error Lets Local Users Gain Elevated Privileges
[1026905] Microsoft BizTalk Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026904] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026903] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026902] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026900] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026899] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026685] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1026497] Microsoft Windows ClickOnce Feature Lets Remote Users Execute Arbitrary Code
[1026271] Microsoft Windows TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1026167] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1026103] Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions
[1026041] Microsoft Windows Components DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026037] Microsoft Windows Internet Name Service (WINS) Input Validation Flaw in ECommEndDlg() Lets Local Users Gain Elevated Privileges
[1025760] Microsoft Windows Bluetooth Stack Memory Access Error Lets Remote Users Execute Arbitrary Code
[1025643] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1025634] Microsoft Windows OLE Automation Underflow Lets Remote Users Execute Arbitrary Code
[1025512] Microsoft Windows Internet Name Service Socket Send Exception Handling Bug Lets Remote Users Execute Arbitrary Code
[1025330] Microsoft WMITools and Windows Messenger ActiveX Controls Let Remote Users Execute Arbitrary Code
[1025312] Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
[1025248] Microsoft Windows Includes Some Invalid Comodo Certificates
[1024888] Microsoft Exchange Server RPC Processing Flaw Lets Remote Authenticated Users Deny Service
[1024879] Microsoft Windows Internet Connection Signup Wizard May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024877] Microsoft Windows May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024874] Microsoft Windows Task Scheduler Lets Local Users Gain Elevated Privileges
[1024312] Microsoft Windows Tracing Feature for Services Lets Local Users Gain Elevated Privileges
[1024216] Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code
[1023571] Microsoft Windows Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1023566] Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service
[1023495] Microsoft Internet Explorer and Windows OS Shell Handler URL Validation Flaw Lets Remote Users Execute Arbitrary Code
[1022710] Microsoft Windows Internet Name Service (WINS) Buffer Overflows Let Remote Users Execute Arbitrary Code
[1022357] Windows RPC Marshalling Engine Memory Error Lets Local Users Gain Elevated Privileges
[1022330] Microsoft Windows Bug in SETDESKWALLPAPER and GETDESKWALLPAPER Calls Let Local Users Deny Service
[1022047] Microsoft Windows SearchPath Function May Let Remote Users Execute Arbitrary Code
[1022044] Microsoft Windows Privilege Separation and Access Control Bugs Let Local Users Gain Elevated Privileges
[1021629] Microsoft Windows Guidelines for Disabling AutoRun are Ineffective and May Permit Code Execution
[1021369] Microsoft Visual Basic DataGrid/FlexGrid/Hierarchical FlexGrid/Windows Common/Charts ActiveX Controls Let Remote Users Execute Arbitrary Code
[1021091] Windows Server Service RPC Processing Bug Lets Remote Users Execute Arbitrary Code
[1021043] Microsoft Host Integration Server RPC Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1020678] Microsoft Windows IPSec Policy May Not Be Enforced in Certain Cases
[1020677] Microsoft Windows Event System Bugs Let Remote Authenticated Users Execute Arbitrary Code
[1020446] Microsoft Windows AutoRun Bug May Let Users Execute Arbitrary Code
[1020006] Microsoft Windows XP 'i2omgmt.sys' Input Validation Flaw Lets Local Users Gain Elevated Privileges
[1019165] Microsoft Windows LSASS Lets Local Users Gain Elevated Privileges
[1018942] Microsoft Windows DNS Service Insufficient Entropy Lets Remote Users Spoof the DNS Service
[1018831] Microsoft Windows ShellExecute() URI Handler Bug Lets Remote Users Execute Arbitrary Commands
[1018787] Windows RPC NTLMSSP Authentication Flaw Lets Remote Users Deny Service
[1018366] Symantec Backup Exec for Windows RPC Bug Lets Remote Users Deny Service
[1017901] Microsoft Windows Help File Heap Overflow Lets Remote Users Execute Arbitrary Code
[1017827] Microsoft Windows Animated Cursor Bug Lets Remote Users Execute Arbitrary Code
[1017736] Microsoft Windows Explorer OLE Parsing Bug Lets Users Deny Service
[1017641] Microsoft Windows RichEdit OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017636] Microsoft Windows Defender Integer Overflow in Parsing PDF Files Lets Remote Users Execute Arbitrary Code
[1017441] Microsoft Windows Workstation Service Memory Allocation Error in NetrWkstaUserEnum() Lets Remote Users Deny Service
[1017369] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code
[1017168] Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges
[1016941] Microsoft Windows Shell Integer Overflow Lets Remote Users Execute Arbitrary Code
[1016388] Microsoft Windows Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications
[1016339] Microsoft Windows 'hlink.dll' Buffer Overflow in Processing Hyperlinks Lets Remote Users Execute Arbitrary Code
[1016292] Microsoft Windows Buffer Overflow in AOL ART Image Rendering Library Lets Remote Users Execute Arbitrary Code
[1016290] Microsoft Windows Buffer Overflow in TCP/IP Stack Lets Remote Users Execute Arbitrary Code
[1016289] Microsoft RPC Mutual Authentication Bug Lets Remote Users Spoof Other Systems
[1016286] Microsoft Windows 98 Graphics Rendering Engine Buffer Overflow in Processing WMF Images Lets Remote Users Execute Arbitrary Code
[1016285] Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
[1015898] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
[1015897] Microsoft Windows Explorer COM Object Bug Lets Remote Users Execute Arbitrary Code
[1015765] Microsoft Windows Services Have Unsafe Default ACLs That Let Remote Authenticated Users Gain Elevated Privileges
[1015630] Microsoft Windows Web Client Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1015629] Microsoft Windows IGMP Processing Bug Lets Remote Users Deny Service
[1015595] Microsoft Windows UPnP/NetBT/SCardSvr/SSDP Services May Be Incorrectly Configured By 3rd Party Applications, Allowing Local Users to Gain Elevated Privileges
[1015459] Microsoft Windows Embedded Web Fonts Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015453] Microsoft Windows Graphics Rendering Engine WMF File Memory Access Error Lets Remote Users Execute Arbitrary Code
[1015416] Microsoft Windows Unspecified WMF Rendering Bug Lets Remote Users Execute Arbitrary Code
[1015349] Microsoft Windows Internet Explorer May Let Remote Users Obfuscate the Download Dialog Box
[1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
[1015168] Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code
[1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
[1015044] Microsoft Windows Multiple COM Objects Let Remote Users Execute Arbitrary Code
[1015042] Microsoft Windows Plug and Play Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015040] Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code
[1015039] Microsoft Windows Buffer Overflow in Collaboration Data Objects Lets Remote Users Execute Arbitrary Code
[1015037] Microsoft Windows Buffer Overflows in MSDTC and COM+ Let Remote Users Execute Arbitrary Code and Local User Gain Elevated Privileges
[1015036] Microsoft Windows FTP Client Input Validation Hole Lets Remote Servers Create/Overwrite Files on the Target User's System
[1014829] Microsoft Windows Firewall User Interface May Not Properly Display Exception Rules
[1014642] Microsoft Windows Kerberos and PKINIT Vulnerabilities Allow Denial of Service, Information Disclosure, and Spoofing
[1014640] Microsoft Windows Plug and Play Stack Overflow Lets Remote Users Execute Arbitrary Code
[1014639] Microsoft Windows Telephony Service Remote Code Execution or Local Privilege Escalation
[1014638] Microsoft Windows Print Spooler Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1014498] Microsoft Windows Remote Desktop Protocol Bug Lets Remote Users Deny Service
[1014198] Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code
[1014196] Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code
[1013761] Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
[1013689] Microsoft Windows Shell MSHTA Lets Remote Users Code Execute Arbitrary Scripting Code
[1013688] Microsoft Windows Kernel and Font Buffer Overflows Let Local Users Deny Service or Obtain System Privileges
[1013686] Microsoft Windows TCP, IP, and ICMP Processing Errors Let Remote Users Deny Service and Execute Arbitrary Code
[1013552] Microsoft Windows Remote Desktop 'TSShutdn.exe' Lets Remote Authenticated Users Shutdown the System
[1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
[1013120] Microsoft Windows OLE Buffer Overflow Lets Remote Users Execute Arbitrary Code and COM Access Flaw Lets Remote Authenticated Users Gain Elevated Privileges
[1013119] Microsoft Windows Hyperlink Object Library Lets Remote Users Execute Arbitrary Code
[1013117] Microsoft Windows License Logging Service Lets Remote Users Execute Arbitrary Code
[1013115] Microsoft Windows Media Player Buffer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code
[1013114] Microsoft Windows SMB Lets Remote Users Execute Arbitrary Code
[1013112] Microsoft Windows XP Named Pipe Validation Error Lets Remote Users Obtain Information
[1012891] Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed With Dynamic IFRAME Tag
[1012684] Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1012683] Microsoft Windows ANI File Parsing Errors Let Remote Users Deny Service
[1012682] Microsoft Windows Help System Buffer Overflows in Processing Phrase Compressed Help Files Lets Remote Users Execute Arbitrary Code
[1012626] Microsoft Windows Media Player setItemInfo Lets Remote Users Execute Arbitrary Code
[1012515] Microsoft Windows NT 4.0 Buffer Overflows in the Logging and Processing of DHCP Packets May Let Remote Users Execute Arbitrary Code
[1012513] Microsoft Windows Kernel Buffer Overflow in Processing Local Procedure Call Messages Lets Local Users Gain System Privileges
[1012458] Microsoft Internet Explorer Lets Remote Users Inject Content into Open Windows
[1012435] Microsoft Windows Resource Kit Buffer Overflow and Input Validation Holes in 'w3who.dll' May Permit Remote Code Execution and Cross-Site Scripting Attacks
[1011940] Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System
[1011880] Microsoft Windows XP Error in Explorer in Processing WAV Files Lets Remote Users Deny Service
[1011859] Microsoft Internet Explorer on Windows XP Fails to Restrict Drag and Drop Operations When Configured to Disable These Operations
[1011647] Microsoft Windows Shell Buffer Overflows Let Remote Users Execute Arbitrary Code
[1011637] Microsoft Windows Buffer Overflow in Processing Compressed Folders Lets Remote Users Execute Arbitrary Code
[1011632] Microsoft NT RPC Runtime Library Buffer Overflow Lets Remote Users Deny Service
[1010996] Microsoft Windows XP SP2 Local Computer Scripting Restrictions Can Be Bypassed With a Specially Crafted MHT File
[1010959] Microsoft Windows Explorer (in XP SP2) May Fail to Warn Users When Executing Untrusted Files
[1010688] Microsoft Windows Task Scheduler Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
[1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
[1010314] Microsoft Windows IPSec Filtering Can Be Bypassed By Remote Users
[1009940] Microsoft Windows Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code
[1009776] Microsoft Windows Kernel Local Descriptor Table Flaw Lets Local Users Gain Elevated Privileges
[1009771] Microsoft Windows Negotiate Security Software Provider (SSP) Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code
[1009770] Microsoft Windows Management Interface Provider Lets Local Users Gain Elevated Privileges
[1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
[1009761] Microsoft Windows COM Object Identifier Creation Flaw May Let Remote Users Cause Applications to Open Network Ports
[1009758] Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service
[1009673] Microsoft Windows XP 'mswebdvd.dll' Buffer Overflow Lets Remote Users Deny Service
[1009359] Microsoft Windows Media Services Can Be Crashed By Remote Users
[1009181] Microsoft Windows Explorer Heap Overflow in Processing '.emf' Files Permits Code Execution
[1009008] Microsoft Windows Internet Naming Service (WINS) Length Validation Flaw Lets Remote Users Deny Service
[1008699] Microsoft Windows Buffer Overflow in MDAC Lets Remote Users Execute Arbitrary Code
[1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
[1008146] Microsoft Windows Workstation Service (wkssvc.dll) Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Privileges
[1007933] Microsoft Windows Messenger Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With Local System Privileges
[1007932] Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
[1007874] Microsoft Windows OS PostThreadMessage() API Permits Local Users to Terminate Processes That Have Message Queues
[1007615] Microsoft Windows NetBIOS Name Service May Disclose Memory Contents to Remote Users
[1007281] Microsoft Windows NT File Management Flaw May Let Remote Users Crash Certain Applications
[1007214] Microsoft Windows XP Shell Buffer Overflow in Processing Folder Display Attributes Permits Remote Code Execution
[1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
[1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
[1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
[1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
[1007057] Microsoft Windows Media Player Access Control Flaw Lets Remote Users View, Modify, and Delete Media Library Metadata
[1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
[1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
[1006803] Microsoft Windows Can Be Crashed By Remote Users via Malformed NetMeeting URLs
[1006588] Microsoft Windows OS Kernel Messaging Buffer Overflow Lets Local Users Gain Full Control of the System
[1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
[1006532] Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets Malicious Java Applets Execute Arbitrary Code
[1006447] Microsoft Windows Terminal Services RDP Implementation Does Not Validate Server Identity, Allowing Man-in-the-Middle Attacks
[1006323] Microsoft Windows Buffer Overflow in Windows Script Engine JScript.DLL Lets Remote Users Execute Arbitrary Code
[1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
[1006179] Microsoft Windows Me Help and Support Center URL Handler Overflow Lets Remote Users Execute Arbitrary Code
[1006121] Microsoft Windows 'riched20.DLL' Buffer Overflow May Let Remote Users Crash Applications
[1006045] Microsoft Windows XP Redirector Buffer Overflow May Let Local Users Gain System Level Privileges
[1005986] Microsoft Windows Terminal Server MSGINA.DLL Flaw Lets Remote Authenticated Users Reboot the Server
[1005859] Microsoft Windows File Protection Mechanism Weakness in Trusting Code-Signing Certificate Chains Lets Arbitrary Remote Users Sign Code That Will Be Trusted By Windows
[1005858] Microsoft Windows File Protection Weakness May Let Local Users Replace Code With Previous Vulnerable Versions Without Detection
[1005833] Microsoft Windows XP Shell Buffer Overflow in Processing Audio Files Allows Remote Users to Execute Arbitrary Code
[1005799] Microsoft Windows OS Bug in Processing WM_TIMER Messages May Let Local Users Gain Elevated Privileges
[1005761] Microsoft Windows XP Wireless LAN Support May Disclose Access Point Information to Remote Users
[1005454] Microsoft Windows Media Player for Solaris Uses Unsafe Default Permissions
[1005343] Microsoft Windows Help System Bug in Processing Compiled HTML Help Files Lets Remote Users Execute Arbitrary Commands in the Local Computer Security Zone
[1005336] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Files to Be Created
[1005335] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Code to Be Executed
[1005332] Microsoft Windows Help System Buffer Overflow in 'hhctrl.ocx' Lets Remote Users Execute Arbitrary Code
[1005256] (Vendor Issues Fix) Microsoft Windows XP Remote Desktop Implementation Bug Lets Remote Users Crash the Operating System
[1005242] Microsoft Windows XP Remote Desktop Can Be Crashed By Remote Users Sending a Modified RDP Packet
[1005150] Microsoft Windows Operating System Certificate Enrollment ActiveX Control Allows Remote Users to Delete Certificates on a Target User's System
[1005108] Microsoft Windows Media Player Allows Malicious Windows Media Download (.wmd) Files to Silently Create Files in a Known Location and Execute Them
[1005070] Microsoft Internet Explorer (IE) Browser Error Message Processing Allows Remote Users to Execute Arbitrary Code on Certain Windows 98 Platforms
[1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
[1005063] Microsoft Windows XP Help and Support Center Hole Lets Remote Users Create URLs That, When Loaded, Will Delete Arbitrary Files on Your System
[1004441] Microsoft Windows Help System Buffer Overflows in 'htctrl.ocx' ActiveX Control May Let Remote Users Execute Arbitrary Code on a Target User's Computer By Sending Malicious HTML
[1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
[1004236] L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition
[1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
[1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
[1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
[1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
[1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
[1003764] Microsoft Windows Operating System Shell URL Handler Bug Lets Remote Users Create HTML That Could Cause Arbitrary Code to Be Executed on Another User's System in Certain Situations
[1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
[1003686] Microsoft Windows SMTP Service Lets Remote Users Send or Relay Unauthorized Mail (including SPAM) Via the Server
[1003633] Microsoft XML Core Services in Microsoft Windows XP Operating System Lets Remote Scripts Access and Send Local Files
[1003591] Microsoft Windows Terminal Services May Cause the System's Screen Saver Lockout Mechanism to Fail in Certain Situations
[1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
[1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
[1003369] PGPfire Personal Firewall for Microsoft Windows Discloses Identifying Information to Remote Users
[1003310] Microsoft Windows NT/2000 Authentication Lockout Bug May Record Successful Logins as Failed Login Attempts in Certain Situations
[1003308] Microsoft Windows XP Manifest Processing Bug Lets Local Users Corrupt the System and Cause the Boot Process to Fail
[1003257] Microsoft Windows XP Upgrade Effectively Removes Patches from Internet Explorer (IE) During Upgrade, Leaving Users Exposed to IE Vulnerabilities
[1003239] Python Language Implementation on Microsoft Windows Allows a Remote Server to Access Files on a Web Surfing User's PC
[1003228] Microsoft Windows Media Player Discloses Unique ID to Remote Users in the Default Configuration, Allowing Web Sites to Track Users
[1003221] Microsoft Internet Explorer (IE) Default Configuration Allows HTML-based Scripts to Access Your Windows Clipboard Contents
[1003201] Microsoft Windows 95 Backup Utility Has Buffer Overflow That Could Cause Denial of Service Conditions
[1003121] Microsoft Windows XP Task Manager Will Not Kill Certain Processes
[1003041] Microsoft Windows XP Remote Desktop Client May Disclose Recently Used Account Names to Remote Users
[1003028] Microsoft Windows Universal Plug and Play Component Buffer Overflow Gives Remote Users System Level Access to Windows XP and 98/ME Hosts
[1003003] Microsoft Windows XP Hot Key Function Lets Physically Local Users Execute Administrator Hot Key Functions in Certain Situations
[1002979] Microsoft Windows Explorer Discloses Stored FTP Passwords to Local Users
[1002926] Microsoft Windows Operating System File Locking Design May Allow Local Users to Block Group Policy Scripts
[1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
[1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
[1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
[1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
[1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
[1002601] Microsoft Windows Me Universal Plug and Play (UPnP) Ssdpsrv.exe Server Component Can Be Crashed by Remote Users
[1002519] TYPSoft FTP Server for Microsoft Windows Can Be Crashed by Remote Users
[1002418] Counterpane's Password Safe Password Encryption Utility for Microsoft Windows May Disclose Passwords to Local Users in Certain Situations
[1002201] Microsoft Windows TCP/IP Stack Vulnerable to a Certain Man-in-the-Middle Denial of Service Attack
[1002197] Microsoft Windows NNTP Network News Service Has a Memory Leak That Allows Remote Users to Cause the Server to Crash
[1002124] Microsoft Windows 98 Operating System Can Be Crashed When Running a Web Server or Other Servers And the AUX Device is Accessed By the Program
[1002105] Microsoft SQL Database Server RPC Input Validation Failure Lets Remote Users Crash the Database Service
[1002104] Microsoft Exchange Server RPC Input Validation Failure Lets Remote Users Crash the Exchange Service
[1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
[1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
[1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
[1001992] Microsoft Windows NT Lets Remote Users Cause Increased Packet Overhead and Increased CPU Resource Consumption
[1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
[1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
[1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
[1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
[1001603] Microsoft Windows Media Player May Allow Remote Users to Execute Code Contained in Internet Shortcuts and View Files on the Media Player's Host
[1001587] Microsoft Word for Windows and for Mac May Run Macros Linked By RTF Documents Without Warning
[1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
[1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
[1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
[1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
[1001467] Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
[1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
[1001360] Microsoft Windows Operating System DLL May Allow Malicious Remote Scripts to Run Code on the User's Host Without the User's Intervention
[1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
[1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
[1001110] A Microsoft German-Language Hotfix for Windows NT 4 Incorrectly Displays Some Security Events as Other Security Events
OSVDB - http://www.osvdb.org:
[96194] Microsoft Windows Asynchronous RPC Request Handling Remote Code Execution
[83796] Microsoft Windows DCOM RPCSS.exe Local Privilege Escalation
[69819] Microsoft Windows Netlogon RPC Service Crafted Request Remote DoS
[68586] Microsoft Windows LRPC Server LPC Message Handling Local Privilege Escalation
[68532] Microsoft Windows rpcrt4.dll LRPC_SCALL::SendRequest() Function LPC Message Local Overflow DoS
[67988] Microsoft Windows Print Spooler Service RPC Impersonation StartDocPrinter Procedure Remote Code Execution
[67981] Microsoft Windows RPC Response Processing Remote Memory Corruption
[59855] Microsoft Windows License Logging Server (llssrv.exe) RPC LlsrLicenseRequestW Method Remote Overflow
[59819] Microsoft Windows RPC Session Handle Hijacking Remote Privilege Escalation
[54936] Microsoft Windows RPC Marshalling Engine Internal State Manipulation Remote Code Execution
[54934] Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DLL Loading Privilege Escalation
[53667] Microsoft Windows RPCSS Service Isolation Local Privilege Escalation
[49243] Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution
[49060] Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Execution
[37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
[37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
[34100] Microsoft Windows DNS RPC Interface Zone Name Remote Overflow
[32445] Microsoft Windows Workstation Service NetrWkstaUserEnum RPC Request DoS
[30823] Microsoft Windows Print Spooler (spoolsv.exe) RpcGetPrinterData Function DoS
[27845] Microsoft Windows Server Service Crafted RPC Message Remote Overflow
[26438] Microsoft Windows RPC Mutual Authentication Server Spoofing
[26436] Microsoft Windows RASMAN RPC Request Remote Overflow
[25335] Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServer::BuildContext Function Remote Overflow
[17860] Microsoft Windows NULL Session MSRPC Interface Remote eventlog Disclosure
[17859] Microsoft Windows NULL Session svcctl MSRPC Interface SCM Service Enumeration
[13414] Microsoft Windows RPC Endpoint Manager Malformed Packet Remote DoS
[13020] Microsoft Windows XP RPC Cache Memory Leak
[11797] Microsoft Windows DCOM RPCSS Service DCERPC Packet Overflow
[11460] Microsoft Windows RPC DCOM Interface epmapper Pipe Hijack Local Privilege Escalation
[11265] Microsoft Windows NT Malformed RPC Packet Error Message Loop DoS (snork)
[11159] Microsoft Windows NT Invalid RPC Named Pipe Saturation DoS
[10686] Microsoft Windows NT RPC Library Arbitrary Memory Manipulation
[7117] Microsoft Windows RPC Locator Remote Overflow
[5247] Microsoft Windows DCOM RPC Object Identity Information Disclosure
[5246] Microsoft Windows CIS/RPC Over HTTP DoS
[5245] Microsoft Windows RPCSS Large Length Field DoS
[2670] Microsoft Windows RPC Race Condition DoS
[2535] Microsoft Windows DCOM RPCSS Service Filename Parameter Overflow
[2100] Microsoft Windows RPC DCOM Interface Overflow
[1095] Microsoft Windows NT RPC Locator (RPCSS.EXE) CPU Utilization DoS
[673] Microsoft Windows NT RPC Endpoint Mapper Malformed Request DoS
[408] Microsoft Windows Malformed DCE/RPC SMBwriteX Request DoS
[398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
[96197] Microsoft Windows TCP/IP Stack Crafted ICMPv6 Packet Handling Remote DoS
[96195] Microsoft Windows NAT Driver Crafted ICMP Packet Handling Remote Memory Corruption DoS
[96193] Microsoft Windows Unicode Scripts Processor (USP10.DLL) Uniscribe Font Parsing Engine Unspecified Memory Corruption
[96180] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3196)
[96179] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3197)
[96178] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3198)
[95667] Microsoft Windows XP Wireless Preferred Network List (PNL) Remote Disclosure
[95589] Microsoft Windows Mobile Wireless Preferred Network List (PNL) Remote Disclosure
[94987] Microsoft Windows Defender Improper Pathname Handling Local Privilege Escalation
[94986] Microsoft Windows Media Format Runtime Media File Handling Arbitrary Code Execution
[94985] Microsoft Windows DirectShow GIF File Handling Memory Overwrite Arbitrary Code Execution
[94966] Microsoft Windows win32k.sys Memory Object Dereference Handling Local Privilege Escalation
[94965] Microsoft Windows win32k.sys Memory Object Allocation Handling Local Privilege Escalation
[94964] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow
[94963] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow DoS
[94962] Microsoft Windows win32k.sys Memory Object Handling Local Information Disclosure
[94961] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation
[94126] Microsoft Windows Print Spooler Printer Deletion Memory Handling Local Privilege Escalation
[94125] Microsoft Windows TCP/IP Driver TCP Connection Crafted Packet Handling Remote Integer Overflow DoS
[94124] Microsoft Windows Kernel Page Fault System Call Handling Local Information Disclosure
[93539] Microsoft Windows win32k.sys EPATHOBJ::pprFlattenRec / EPATHOBJ::bFlatten Functions Local Privilege Escalation
[93320] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation
[93319] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow
[93318] Microsoft Windows DirectX Graphics Kernel Subsystem (dxgkrnl.sys) Memory Object Handling Local Privilege Escalation
[93317] Microsoft Windows Essentials Windows Writer Crafted URL Handling Arbitrary File Overwrite
[93300] Microsoft Windows HTTP Protocol Stack (HTTP.sys) Crafted HTTP Header Handling Infinite Loop Remote DoS
[92133] Microsoft Windows NTFS NULL Pointer Dereference Local Privilege Escalation
[92132] Microsoft Windows win32k.sys Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1292)
[92131] Microsoft Windows win32k.sys Crafted Font File Handling DoS
[92130] Microsoft Windows win32k.sys Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1283)
[92127] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unspecified Local Memory Corruption
[92126] Microsoft Windows Multiple Active Directory Components LDAP Crafted Query Handling Memory Consumption Remote DoS
[92125] Microsoft Windows Kernel Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1294)
[92124] Microsoft Windows Kernel Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1284)
[92122] Microsoft Windows Remote Desktop Client ActiveX (mstscax.dll) Use-after-free Arbitrary Code Execution
[91696] Microsoft Windows Modern Mail Unspecified Spoofing Weakness
[91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
[91195] Microsoft Windows 7 Unspecified ASLR Protection Mechanism Bypass
[91194] Microsoft Windows 7 Kernel Unspecified Local Privilege Escalation (pwn2own)
[91193] Microsoft Windows 7 Unspecified ASLR / DEP Protection Mechanism Bypass (pwn2own)
[91157] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1287)
[91156] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1286)
[91155] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1285)
[90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
[90236] Microsoft Windows ZwSetInformationProcess() Function Process Priority Handling Local DoS
[90166] Microsoft Windows Object Linking and Embedding (OLE) Automation Memory Allocation RTF File Handling Arbitrary Code Execution
[90165] Microsoft Windows Win32.sys CSRSS Memory Object Handling Local Privilege Escalation
[90164] Microsoft Windows TCP/IP Stack Crafted Connection Termination Packet (TCP PIN WAIT) Handling Remote DoS
[90163] Microsoft Windows Memory Object Reference Count Handling Local Privilege Escalation
[90162] Microsoft Windows Memory Object Handling Local Privilege Escalation (2013-1279)
[90161] Microsoft Windows ApphelpCacheLookupEntry Function Memory Object Handling Local Privilege Escalation
[90160] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1277)
[90159] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1276)
[90158] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1275)
[90157] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1274)
[90156] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1273)
[90155] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1272)
[90154] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1271)
[90153] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1270)
[90152] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1269)
[90151] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1268)
[90150] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1267)
[90149] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1266)
[90148] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1265)
[90147] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1264)
[90146] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1263)
[90145] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1262)
[90144] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1261)
[90143] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1260)
[90142] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1259)
[90141] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1258)
[90140] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1257)
[90139] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1256)
[90138] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1255)
[90137] Microsoft Windows win32k.sys SfnINOUTSTYLECHANGE Function Memory Object Handling Local Privilege Escalation
[90136] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1253)
[90135] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1252)
[90134] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1251)
[90133] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1250)
[90132] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1249)
[90131] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1248)
[90130] Microsoft .NET Framework Windows Form Object Creation Callback Function Arbitrary Code Execution
[90129] Microsoft Windows NFS Server Read-only Share File Operation Handling Remote DoS
[90128] Microsoft Windows Media Content Handling Arbitrary Code Execution
[89315] Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
[89157] Microsoft Windows IPv6 Router Advertisement (RA) Flooding Weakness
[88967] Microsoft Windows SSL/TLS Forced Downgrade MitM Weakness
[88966] Microsoft Windows win32k.sys Window Broadcast Message Handling Local Privilege Escalation
[88963] Microsoft .NET Framework Windows Forms (WinForms) Component System.Drawing.Imaging.EncoderParameters.ConvertToMemory() Method this.param.Length Parameter Multiple Application Handling Heap Buffer Overflow
[88956] Microsoft Windows Printer Spooler Service Print Job Handling Memory Corruption
[88836] Microsoft Windows Paint BMP Image Parsing Memory Corruption
[88575] Microsoft Windows NT NtAcceptConnectPort Spoofed LPC Port Request Arbitrary Process Hijacking Weakness
[88320] Microsoft Windows TrueType Font (TTF) Parsing Unspecified Arbitrary Code Execution
[88316] Microsoft Windows OpenType Font (OTF) Parsing Unspecified Arbitrary Code Execution
[88313] Microsoft Windows KERNEL32.DLL Filename Parsing Memory Corruption Privilege Escalation
[88312] Microsoft Windows DirectPlay Office File Handling Heap Overflow
[88051] Microsoft Windows Crafted DHCPv6 Message Remote DoS
[87269] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2012-2553)
[87268] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2012-2530)
[87260] Microsoft Windows Briefcase Handling Underflow (2012-1527)
[87259] Microsoft Windows Briefcase Handling Underflow (2012-1528)
[86905] Microsoft Windows NTFS ANSI API File Name Truncation Weakness
[86903] Microsoft Windows NT CSRSS Malformed Console I/O Local DoS
[86866] Microsoft Windows Trusted Publisher Certificate Process Injection UAC Protection Bypass
[86865] Microsoft Windows UAC Protection User-assisted Circumvention
[86839] Microsoft Windows Media Player AVI File Handling Divide-by-Zero DoS
[86768] Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Handling Buffer Overflow
[86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
[86060] Microsoft Windows Kerberos Implementation Session Handling Remote DoS
[86058] Microsoft Windows Kernel Unspecified Memory Object Handling Local Overflow
[85840] Microsoft Windows lpApplicationName Function Path Subversion Local Privilege Escalation
[85749] Microsoft Windows win32k.sys TrueType Font File Handling Buffer Overflow
[85619] Microsoft Windows Phone 7 X.509 Certificate Subject's Common Name (CN) Field Domain Name Validation Multiple Protocol SSL Server MitM Spoofing Weakness
[85444] Microsoft Windows NT MSIEXEC Registry Modification Local Privilege Escalation
[85442] Microsoft Windows NT Predictable LPC Message Identifier Weakness
[85418] Microsoft Windows Share Service File Handle Request Saturation Remote DoS
[85039] Microsoft Windows NT LPC Zone Exhaustion Local DoS
[85038] Microsoft Windows Filename Extension Handling Overflow DoS
[84604] Microsoft Windows JScript / VBScript Memory Object Size Calculation Website Handling Memory Corruption
[84603] Microsoft Windows win32k.sys Use-after-free Local Privilege Escalation
[84602] Microsoft Windows Remote Desktop Services Malformed RDP Packet Parsing Remote Code Execution
[84601] Microsoft Windows Remote Administration Protocol Malformed RAP Request Parsing Remote Stack Overflow
[84600] Microsoft Windows Remote Administration Protocol Malformed RAP Request Parsing Remote Heap Overflow
[84599] Microsoft Windows Print Spooler Service Remote Format String
[84598] Microsoft Windows netapi32.dll Remote Administration Protocol Malformed RAP Request Parsing Remote DoS
[84593] Microsoft Multiple Product Windows Common Controls TabStrip ActiveX (MSCOMCTL.OCX) Document Handling Arbitrary Code Execution
[83751] Microsoft Windows Terminal Services LCA Issued Certificates Arbitrary Binary Signing Weakness
[83750] Microsoft Windows Gadgets Unspecified Remote Code Execution
[83660] Microsoft Windows TLS Protocol HTTPS Session Decryption Information Disclosure
[83659] Microsoft Windows win32k.sys Keyboard Layout Handling Local Privilege Escalation
[83658] Microsoft Windows win32k.sys Hook Procedure Creation Incorrect Type Handling Local Privilege Escalation
[83657] Microsoft Windows ADO Cachesize Data Access Components Memory Object Handling Overflow
[83656] Microsoft Windows File / Directory Name Handling Remote Code Execution
[83453] Microsoft Windows ProfileList Registry Key Permission Weakness User Profile Subversion
[83169] Microsoft Windows NT telnetd Service Port Scan Remote DoS
[83126] Microsoft Windows NT Registry Plaintext Service Password Local Disclosure
[82928] Microsoft Windows atmfd.dll OpenType Font (OTF) File Handling DoS
[82858] Microsoft Windows win32k.sys Thread Creation Attempt Handling Race Condition Local Privilege Escalation
[82857] Microsoft Windows TrueType Font Loading Font Resource Reference Counter Handling Local Overflow
[82856] Microsoft Windows win32k.sys Clipboard Format Atom Name Handling Local Privilege Escalation
[82855] Microsoft Windows win32k.sys String Atom Class Name Handling Local Privilege Escalation (2012-1865)
[82854] Microsoft Windows win32k.sys String Atom Class Name Handling Local Privilege Escalation (2012-1864)
[82851] Microsoft Windows Remote Desktop Protocol (RDP) Memory Object Handling Remote Code Execution
[82850] Microsoft Windows User Mode Scheduler Memory Corruption Local Privilege Escalation
[82849] Microsoft Windows BIOS Memory Handling ROM Corruption Local Privilege Escalation
[82693] Microsoft Windows Terminal Server Licensing Service MD5 Hash Collision Code Signing Spoofing
[82605] Microsoft Windows Explorer Crafted Subdirectory Parent Directory Deletion Local DoS
[82604] Microsoft Windows Media Player Streamed Broadcast Handling Remote Overflow
[82505] Microsoft Windows IE Instances Overflow Group Policy Bypass
[82491] Microsoft Windows UTF Character Set File Extension Spoofing Weakness
[81736] Microsoft Windows GDI+ EMF File Record Handling Remote Code Execution
[81735] Microsoft Windows Partition Manager (partmgr.sys) PnP Configuration Manager Function Call Handling Local Privilege Escalation
[81730] Microsoft Windows tcpip.sys Outbound Packet Filtering Windows Firewall Bypass
[81729] Microsoft Windows tcpip.sys Double-free IPv6 Address Binding Parsing Local Privilege Escalation
[81720] Microsoft Windows t2embed.dll Module TTF File Handling Remote Code Execution
[81717] Microsoft Windows win32k.sys Scrollbar Calculation Handling Local Privilege Escalation
[81716] Microsoft Windows win32k.sys Keyboard Layout File Handling Local Privilege Escalation
[81715] Microsoft Windows win32k.sys Windows and Messages Handling Local Privilege Escalation
[81699] Microsoft Windows xxxCreateWindowEx() Function Invalid Memory Access Local DoS
[81135] Microsoft Windows Authenticode Signature Verification Functionality Signed Portable Executable File Digest Validation Remote Code Execution
[80005] Microsoft Windows DNS Server Domain Resource Record Query Parsing Remote DoS
[80004] Microsoft Windows Remote Desktop Protocol Terminal Server RDP Packet Parsing Remote DoS
[80003] Microsoft Windows DirectWrite Unicode Character Parsing Remote DoS
[80002] Microsoft Windows win32k.sys PostMessage() Function Local Privilege Escalation
[80000] Microsoft Windows Remote Desktop Protocol Array Element Loading Handling Double-free Remote Code Execution
[79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
[79269] Microsoft Windows win32k.sys Use-after-free Keyboard Layout Memory Dereference Local Privilege Escalation
[79259] Microsoft Windows C Run-Time Library msvcrt.dll Meta File Handling Remote Overflow
[79253] Microsoft Windows Ancillary Function Driver (afd.sys) User Mode Input Parsing Local Privilege Escalation
[79252] Microsoft Windows Ancillary Function Driver (afd.sys) AfdPoll User Mode Input Parsing Local Privilege Escalation
[79117] Microsoft Windows Program Group Path Subversion Arbitrary DLL Injection Code Execution
[78759] Microsoft Windows ICMPv6 Echo Request Remote Promiscuous Mode Detection
[78212] Microsoft Windows Object Packager Path Subversion packager.exe Loading Remote Code Execution
[78211] Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Execution
[78210] Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Code Execution
[78209] Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading SafeSEH Security Bypass
[78207] Microsoft Windows Embedded ClickOnce Application Office File Handling Remote Code Execution
[78206] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character Parsing Local Privilege Escalation
[78010] Microsoft Windows Phone Text Message Parsing Remote DoS
[77908] Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote Memory Corruption
[77667] Microsoft Windows Active Directory Query Parsing Remote Overflow
[77666] Microsoft Windows Kernel Exception Handler Local Privilege Escalation
[77663] Microsoft Windows Object Linking and Embedding (OLE) Object File Handling Remote Code Execution
[77662] Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation
[77660] Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Corruption
[77620] Microsoft Windows IE Sandbox Restriction Bypass Local Privilege Escalation
[77262] Microsoft Windows win32k.sys Driver Keyboard Layout File Handling Local DoS
[77213] Microsoft Windows AppLocker Rule Weakness Local Access Restriction Bypass
[76902] Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication Bypass
[76901] Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL Injection Code Execution
[76900] Microsoft Windows Malformed TrueType Font Parsing DoS
[76899] Microsoft Windows TCP/IP Reference Counter Crafted UDP Packet Stream Remote Overflow
[76843] Microsoft Windows Win32k TrueType Font Handling Privilege Escalation
[76232] Microsoft Windows Ancillary Function Driver afd.sys Local Privilege Escalation
[76231] Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injection Code Execution
[76221] Microsoft Windows win32k.sys Driver Use-after-free Driver Object Handling Arbitrary Code Execution
[76220] Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow
[76219] Microsoft Windows win32k.sys Driver Type Translation TrueType Font File Handling DoS
[76218] Microsoft Windows win32k.sys Driver NULL Dereference Unspecified Arbitrary Code Execution
[76205] Microsoft Windows Media Center Path Subversion Arbitrary DLL Injection Code Execution
[75473] Microsoft Windows Explorer shmedia.dll AVI File Handling Remote DoS
[75444] Microsoft Windows WINS Loopback Interface Crafted Packet Local Privilege Escalation
[75382] Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Code Execution
[75260] Microsoft Windows IPv6 Router Advertisement (RA) MitM Weakness
[75199] Intel G41 Driver for Microsoft Windows Unspecified Page Handling DoS
[75197] NVIDIA Geforce 310 Driver on Microsoft Windows Unspecified Page Handling DoS
[75195] Microsoft Windows GPU Support Functionality Unspecified Page Handling DoS
[74483] Microsoft Windows TCP/IP Stack (Tcpip.sys) QoS URL Request Parsing Remote DoS
[74482] Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS
[74408] Microsoft Windows Data Access Tracing Component Path Subversion Arbitrary DLL Injection Code Execution
[74407] Microsoft Windows Kernel File Metadata Handling Remote DoS
[74406] Microsoft Windows Remote Desktop Web Access Logon Page Unspecified XSS
[74405] Microsoft Windows Remote Desktop Protocol RDP Packet Parsing Remote DoS
[74402] Microsoft Windows Remote Access Service NDISTAPI Driver User Input Validation Weakness Local Privilege Escalation
[74401] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Inter-Process Device Event Message Parsing Local Privilege Escalation
[74400] Microsoft Windows DNS Service Non-Existent Domain Query Parsing Remote DoS
[74399] Microsoft Windows DNS Service NAPTR Query Parsing Overflow
[74265] Microsoft Windows CSRSS winsrv.dll SrvGetConsoleTitle() Function Type Casting Weakness Local DoS
[73880] ArcSight Connector Appliance Windows Event Log SmartConnector Microsoft OS Version Field XSS
[73799] Microsoft Windows Bluetooth Driver Object Handling Remote Code Execution
[73796] Microsoft Windows CSRSS SrvSetConsoleLocalEUDC() Function NULL Page Data Write Local Privilege Escalation
[73795] Microsoft Windows CSRSS SrvWriteConsoleOutputString() Function Local Overflow
[73794] Microsoft Windows CSRSS SrvWriteConsoleOutput() Function Local Overflow
[73793] Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand() Function Kernel Memory Access Local Privilege Escalation
[73792] Microsoft Windows CSRSS AllocConsole() Function Multiple Console Object Orphaning Local Privilege Escalation
[73791] Microsoft Windows win32k.sys Driver Function Argument Validation Unspecified Local Information Disclosure
[73790] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1888)
[73789] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1887)
[73788] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1885)
[73787] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1881)
[73786] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1880)
[73785] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1875)
[73784] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1884)
[73783] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1883)
[73782] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1882)
[73781] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1879)
[73780] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1878)
[73779] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1877)
[73778] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1876)
[73777] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1874)
[73654] Microsoft Windows fxsst.dll Path Subversion DLL Injection Code Execution
[73602] Microsoft Windows nsiproxy.sys Local DoS
[72959] Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution
[72955] Microsoft Windows Ancillary Function Driver Local Privilege Escalation
[72937] Microsoft Windows Active Directory Certificate Services Web Enrollment XSS
[72936] Microsoft Windows Server Service Crafted SMB Request Parsing Remote DoS
[72935] Microsoft Windows MHTML Mime-Formatted Request Unspecified XSS
[72930] Microsoft Windows Hyper-V VMBus vmswitch.sys Crafted Packet Cross-guest Local DoS
[72929] Microsoft Windows Distributed File System (DFS) Referral Response Handling Remote DoS
[72928] Microsoft Windows Distributed File System (DFS) Response Handling Memory Corruption Remote Code Execution
[72919] Microsoft Windows OpenType Font (OTF) Pointer Validation Arbitrary Code Execution
[72676] Microsoft Windows Kernel-mode GS Cookie Entropy Weakness
[72672] Microsoft Windows AppFix systest.sdb Local DoS
[72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
[72234] Microsoft Windows WINS Service Failed Response Data Reuse Memory Corruption Remote Code Execution
[71788] Microsoft Windows Messenger ActiveX Unspecified Remote Code Execution
[71781] Microsoft Windows SMB Transaction Parsing Unspecified Remote Code Execution
[71780] Microsoft Windows DNS Client Service LLMNR Query Processing Remote Code Execution
[71779] Microsoft Windows/Office GDI+ (gdiplus.dll) EMF File Processing Overflow
[71778] Microsoft Windows Wordpad Word 97 Converter sprmTTextFlow / sprmTSplit PRLs Parsing Memory Corruption
[71776] Microsoft Windows OpenType Font (OTF) Driver Font Processing Overflow
[71775] Microsoft Windows Fax Cover Page Editor fxscover.exe Text Element Handling Memory Corruption
[71774] Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Overflow
[71773] Microsoft Windows Common Internet File System (CIFS) Malformed Browser Message Handling Overflow
[71772] Microsoft Windows SMB Client Response Parsing Unspecified Remote Code Execution
[71757] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1242)
[71756] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1241)
[71755] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1240)
[71754] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1239)
[71753] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1238)
[71752] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1237)
[71751] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1236)
[71750] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1235)
[71749] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1234)
[71748] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0675)
[71747] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0674)
[71746] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0672)
[71745] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0671)
[71744] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0670)
[71743] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0667)
[71742] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0666)
[71741] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0665)
[71740] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0662)
[71739] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1233)
[71738] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1232)
[71737] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1231)
[71736] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1230)
[71735] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1229)
[71734] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1228)
[71732] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1227)
[71731] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1226)
[71730] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1225)
[71729] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0677)
[71728] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0676)
[71727] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0673)
[71671] Microsoft Windows afd.sys 120CFh IOCTL Handling Local DoS
[71667] Microsoft Windows SetDllDirectory Function Binary Planting Protection Bypass
[71016] Microsoft Windows Media Player / Center .dvr-ms File Handling Arbitrary Code Execution
[71015] Microsoft Windows DirectShow Path Subversion Arbitrary DLL Injection Code Execution
[71014] Microsoft Windows Remote Desktop Client Path Subversion Arbitrary DLL Injection Code Execution
[70885] Microsoft Windows LSASS Authentication Request Privilege Escalation
[70881] Microsoft Windows SMB Browser Election Request Server Name String Overflow
[70835] Microsoft Windows Kerberos Authentication Downgrade Weakness
[70834] Microsoft Windows Kerberos Unkeyed Checksum Hashing Mechanism Service Ticket Forgery
[70827] Microsoft Windows JScript / VBScript Scripting Engine Memory Corruption Information Disclosure
[70826] Microsoft Windows CSRSS Logoff Process Termination Local Information Disclosure
[70825] Microsoft Windows Server Active Directory Server Principal Name (SPN) Handling Remote DoS
[70823] Microsoft Windows Kernel Trace Event (WmiTraceMessageVa) Handling Integer Truncation Local Privilege Escalation
[70819] Microsoft Windows Kernel Unspecified User Input Validation Weakness Local Privilege Escalation (2011-0087)
[70818] Microsoft Windows Kernel Unspecified User Input Validation Weakness Local Privilege Escalation (2011-0086)
[70817] Microsoft Windows Kernel Class Improper Pointer Validation Unspecified Local Privilege Escalation
[70816] Microsoft Windows Kernel Window Class Pointer Confusion Unspecified Local Privilege Escalation
[70814] Microsoft Windows Kernel Unspecified Memory Corruption Local Privilege Escalation
[70693] Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS
[70689] Microsoft Windows USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution
[70390] Microsoft Windows IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS
[70263] Microsoft Windows Bitmap Thumbnail shimgvw.dll CreateSizedDIBSECTION() Function biClrUsed Parameter Overflow
[70126] Microsoft Windows Fax Cover Page Editor CDrawPoly::Serialize() Function Overflow
[70000] Microsoft Windows Remote Access Phonebook (rasphone.exe) Path Subversion Arbitrary EXE Injection Code Execution
[69824] Microsoft Windows Consent User Interface Local Privilege Escalation
[69823] Microsoft Windows Routing and Remote Access NDProxy Unspecified Local Code Execution
[69822] Microsoft Windows OpenType Font Driver CMAP Table Parsing Arbitrary Code Execution
[69821] Microsoft Windows OpenType Font Driver Pointer Handling Double-free Arbitrary Code Execution
[69820] Microsoft Windows OpenType Font Driver Index Array Unspecified Code Execution
[69818] Microsoft Windows Hyper-V VMBus Crafted Packet Local DoS
[69816] Microsoft Windows BranchCache Path Subversion Arbitrary DLL Injection Code Execution
[69802] Microsoft Windows win32k.sys Cursor Linking Unspecified Local Privilege Escalation
[69801] Microsoft Windows win32k.sys WriteAV Unspecified Local Privilege Escalation
[69800] Microsoft Windows win32k.sys Unspecified Double-free Local Privilege Escalation
[69799] Microsoft Windows win32k.sys PFE Pointer Double-free Local Privilege Escalation
[69798] Microsoft Windows win32k.sys Unspecified Memory Corruption Local Privilege Escalation
[69797] Microsoft Windows win32k.sys Unspecified Local Overflow
[69501] Microsoft Windows win32k.sys Driver GreEnableEUDC() Function Local Overflow
[69465] Microsoft Windows win32k.sys NtGdiEnableEUDC Local Overflow Privilege Escalation
[68946] Microsoft Windows DAO Object Library Path Subversion Arbitrary DLL Injection Code Execution
[68933] Microsoft Windows Shell32.dll Environment Variable Expansion SetDllDirectory Function Bypass
[68857] Microsoft Windows XP wscript.exe Path Subversion Arbitrary DLL Injection Code Execution
[68560] Microsoft Windows SChannel TLSv1 Crafted Client Certificate Request DoS
[68559] Microsoft Windows OpenType Font Parsing Unspecified Remote Code Execution
[68558] Microsoft Windows OpenType Malformed Font Validation Remote Code Execution
[68557] Microsoft Windows Media Player Reload Operation Object Deallocation Memory Corruption
[68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
[68553] Microsoft Windows t2embed.dll Embedded OpenType Font Parsing hdmx Record Parsing Overflow
[68552] Microsoft Windows win32k.sys Driver Keyboard Layout Loading Local Privilege Escalation
[68551] Microsoft Windows win32k.sys Driver Window Class Data Validation Local Privilege Escalation
[68550] Microsoft Windows Media Player Network Sharing Service RTSP Use-after-free Remote Code Execution
[68549] Microsoft Windows Common Control Library (comctl32.dll) Third-party SVG Content Handling Overflow
[68518] Microsoft Windows on 32-bit Task Scheduler Crafted Application Local Privilege Escalation
[68517] Microsoft Windows on 32-bit win32k.sys Keyboard Layout Loading Local Privilege Escalation
[67987] Microsoft Windows LSASS Implementation Malformed LDAP Message Handling Remote Overflow
[67986] Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Local Privilege Escalation
[67985] Microsoft Windows MPEG-4 Codec Content Parsing Overflow
[67983] Microsoft Windows WordPad Text Converters Document Parsing Memory Corruption
[67784] Microsoft Windows Media Encoder Path Subversion Arbitrary DLL Injection Code Execution
[67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
[67722] Microsoft Windows Internet Connection Signup Wizard Path Subversion Arbitrary DLL Injection Code Execution
[67600] Microsoft Windows Media Player Path Subversion Arbitrary DLL Injection Code Execution
[67599] Microsoft Windows Live Messenger Path Subversion Arbitrary DLL Injection Code Execution
[67553] Microsoft Windows Contacts Path Subversion Arbitrary DLL Injection Code Execution
[67552] Microsoft Windows Internet Communication Settings Path Subversion Arbitrary DLL Injection Code Execution
[67551] Microsoft Windows Indeo Codec (ac25_32.ax) Path Subversion Arbitrary DLL Injection Code Execution
[67548] Microsoft Windows Vista BitLocker Drive Encryption Path Subversion Arbitrary DLL Injection Code Execution
[67543] Microsoft Windows Movie Maker Path Subversion Arbitrary OCX Injection Code Execution
[67535] Microsoft Windows Progman Group Converter Path Subversion Arbitrary DLL Injection Code Execution
[67500] Microsoft Windows Live Mail Path Subversion Arbitrary DLL Injection Code Execution
[67408] Microsoft Windows Ipv4SetEchoRequestCreate() Interruption DoS
[67083] Microsoft Windows TAPI Server (TAPISRV) Service Isolation Bypass Local Privilege Escalation
[67005] Microsoft Windows TCP/IP Implementation IppSortDestinationAddresses() Function Local Overflow
[67004] Microsoft Windows Malformed IPv6 Extension Header Handling Remote Memory Corruption DoS
[66990] Microsoft Windows Kernel Object ACL Validation SeObjectCreateSaclAccessBits() Local DoS
[66989] Microsoft Windows Kernel Object Initialization Error Handling Local Privilege Escalation
[66988] Microsoft Windows Kernel Thread Creation Handling NtCreateThread() Local Privilege Escalation
[66987] Microsoft Windows SChannel Malformed Certificate Request Remote Code Execution
[66986] Microsoft Windows Movie Maker Imported Projector File (.MSWMM) String Parsing Overflow
[66985] Microsoft Windows MPEG Layer-3 Audio Stream Decoding Overflow
[66984] Microsoft Windows iccvid.dll VIDC (Cinepak) Codec Decompression Arbitrary Code Execution
[66983] Microsoft Windows win32k.sys Driver xxxCreateWindowsEx hParent Value Handling Local Privilege Escalation
[66982] Microsoft Windows win32k.sys Driver User Mode Input Unspecified Local Privilege Escalation
[66981] Microsoft Windows win32k.sys Driver User Mode Copy Memory Allocation Local Privilege Escalation
[66979] Microsoft Windows win32k.sys Driver GreStretchBltInternal() Handling Local DoS
[66978] Microsoft Windows Tracing Feature for Services Registry String Handling Memory Corruption Local Privilege Escalation
[66977] Microsoft Windows Tracing Feature for Services Registry Key ACL Local Privilege Escalation
[66976] Microsoft Windows SMB Server Compounded Request Handling Stack Exhaustion Remote DoS
[66975] Microsoft Windows SMB Server Crafted Packet Handling Unspecified Remote DoS
[66974] Microsoft Windows SMB Server SMB_COM_TRANSACTION2 Request Handling Remote Code Execution
[66934] Microsoft Windows win32k.sys CreateDIBPalette() Function Local Overflow
[66387] Microsoft Windows Shell LNK File Parsing Arbitrary Command Execution
[66003] Microsoft Windows win32k.sys NtUserCheckAccessForIntegrityLevel Use-After-Free Local Privilege Escalation
[66001] Microsoft Windows mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Local Pointer Disclosure
[65529] Microsoft Windows Help and Support Center sysinfo/sysinfomain.htm svr Parameter XSS
[65264] Microsoft Windows hcp:// Protocol Handler MPC::HexToNum() Function String Miscalculation Arbitrary Command Execution
[65225] Microsoft Windows Kernel-Mode Driver Window Creation Local Privilege Escalation
[65224] Microsoft Windows Kernel-Mode Driver Win32k.sys GetDCEx() Function Device Contexts (DC) Handling Local Privilege Escalation
[65223] Microsoft Windows Kernel-Mode Driver TrueType Font Parsing Local Privilege Escalation
[65222] Microsoft Windows MJPEG Media Decompression Unspecified Remote Code Execution
[65221] Microsoft Windows Media Decompression Unspecified Remote Code Execution
[65219] Microsoft Windows / Office COM Object Instantiation Validation Remote Code Execution
[65217] Microsoft Windows OpenType Compact Font Format (CFF) Driver Privilege Escalation
[64928] Microsoft Windows SMB Client Transaction Response Handling Memory Corruption (2010-0476)
[64927] Microsoft Windows SMB Client Transaction SMB_COM_TRANSACTION2 Response Handling Memory Corruption
[64926] Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption (2010-0477)
[64925] Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption (2010-0269)
[64731] Microsoft Windows Canonical Display Driver (cdd.dll) Unspecified Memory Corruption
[64530] Microsoft Outlook Express / Windows Mail STAT Response Overflow
[64391] Microsoft Windows Group Policy Management Editor Account Password Removal Weakness
[64341] Microsoft Windows Unspecified SMB Negotiation Remote DoS
[64340] Microsoft Windows RRAS InterfaceAdjustVLSPointers Null Dereference Remote DoS
[64058] Microsoft Windows win32k.sys SfnINSTRING() Local DoS
[64057] Microsoft Windows win32k.sys Driver SfnLOGONNOTIFY() Function Local Privilege Escalation
[63765] Microsoft Windows Media Player ActiveX fourCC Compression Code Codec Retrieval Arbitrary Code Execution
[63749] Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow
[63747] Microsoft Windows ISATAP Component IPv6 Tunneled Packet IP Address Spoofing Weakness
[63746] Microsoft Windows Authenticode Signature Verification Cabview Manipulation Privilege Escalation
[63745] Microsoft Windows Authenticode WinVerifyTrust Signature Manipulation Validation Bypass
[63739] Microsoft Windows SMTP / Exchange Server Malformed Command Sequence Remote Information Disclosure
[63738] Microsoft Windows SMTP / Exchange Server DNS Mail Exchanger (MX) Resource Record Handling Remote DoS
[63736] Microsoft Windows Kernel Symbolic Link Value Processing Unspecified Local DoS
[63735] Microsoft Windows Kernel Exception Handling Unspecified Local DoS
[63733] Microsoft Windows Kernel Registry Link Symbolic Link Extraction Local Privilege Escalation
[63732] Microsoft Windows Kernel Malformed Image Handling Local DoS
[63731] Microsoft Windows Kernel Registry Hive Symbolic Link Creation Local Privilege Escalation
[63730] Microsoft Windows Kernel Registry Key Validation Unspecified Local DoS
[63729] Microsoft Windows Kernel Virtual Path Parsing Local DoS
[63728] Microsoft Windows Unspecified Kernel System Call Registry Handling Local DoS
[63726] Microsoft Windows Media Unicast Service Transport Packet Handling Remote Overflow
[63468] Microsoft Windows ANI Parser BITMAPINFO Header Crafted biClrUsed Value DoS
[63231] Microsoft Windows Media Player Crafted AVI File Colorspace Conversion Memory Corruption
[62855] Microsoft Windows HTML Help Control ActiveX chm File Handling Arbitrary Code Execution
[62811] Microsoft Windows Movie Maker / Producer IsValidWMToolsStream() Function Project File (.MSWMM) Handling Overflow
[62756] Microsoft Windows VBScript MsgBox() Function helpfile Argument Arbitrary Command Execution
[62660] Microsoft Windows Unspecified API Argument Validation Local DoS
[62652] Microsoft Windows Media Player Crafted MPG File Handling Overflow DoS
[62637] Microsoft Windows Malformed TCP SYN Packet Remote DoS (Blat)
[62632] Microsoft Windows VBScript MsgBox() Function HLP File Arbitrary Command Execution
[62259] Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation
[62258] Microsoft Windows Kerberos Ticket-Granting-Ticket Renewal Request NULL Dereference Remote DoS
[62257] Microsoft Windows DirectShow AVI File Decompression Overflow
[62256] Microsoft Windows SMB Server Crafted Network Message Remote Code Execution
[62255] Microsoft Windows SMB Server Crafted Packet Handling Remote DoS
[62254] Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS
[62253] Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness
[62252] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Session Termination Weakness Local Privilege Escalation
[62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
[62250] Microsoft Windows TCP/IP Stack ICMPv6 Router Advertisement Packet Handling Remote Code Execution
[62249] Microsoft Windows TCP/IP Stack ESP Over UDP Header MDL Fragmentation Remote Code Execution
[62248] Microsoft Windows TCP/IP Stack ICMPv6 Route Information Packet Handling Remote Code Execution
[62247] Microsoft Windows TCP/IP Selective Acknowledgment (SACK) Value Handling Remote DoS
[62245] Microsoft Windows Shell Handler ShellExecute API Crafted URL Arbitrary Command Execution
[62244] Microsoft Windows SMB Client Negotiate Protocol Response Handling Remote Code Execution
[62243] Microsoft Windows SMB Client Packet Handling Race Condition Remote Privilege Escalation
[62242] Microsoft Windows Paint JPEG Image Decoding Overflow
[61854] Microsoft Windows Virtual DOS Machine (VDM) Subsystem #GP Trap Handler (nt!KiTrap0D) Local Privilege Escalation
[61676] Microsoft Windows Live Messenger msnmsgr.exe ActiveX (msgsc.14.0.8089.726.dll) ViewProfile Method MSN Messenger Session Remote DoS
[61651] Microsoft Windows Embedded OpenType Font Engine LZCOMP Decompressor Font Handling Arbitrary Code Execution
[61037] Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution (2009-4312)
[61036] Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution (2009-4311)
[60858] Microsoft Windows Intel Indeo32 Codec (ir32_32.dll) IV32 FourCC Code Handling Heap Corruption
[60857] Microsoft Windows Indeo Codec Unspecified Memory Corruption
[60856] Microsoft Windows Intel Indeo41 Codec IV41 Stream Video Decompression Overflow
[60855] Microsoft Windows Intel Indeo41 Codec IV41 movi Record Handling Overflow
[60836] Microsoft Windows Active Directory Federation Services (ADFS) Request Header Handling Remote Code Execution
[60835] Microsoft Windows Active Directory Federation Services (ADFS) Single Sign-on Spoofing
[60833] Microsoft Windows Internet Authentication Service Crafted MS-CHAP v2 Message Remote Authentication Bypass
[60832] Microsoft Windows Internet Authentication Service Protected Extensible Authentication Protocol (PEAP) Message Handling Remote Memory Corruption
[60831] Microsoft Windows Local Security Authority Subsystem (LSASS) ISAKMP Message Handling Resource Exhaustion Remote DoS
[60368] Microsoft Windows Terminal Services msgina.dll Unrestricted Resource Lock Remote DoS
[60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
[60273] Microsoft Windows NT Virtual DOS Machine 16-bit Executable Permission Bypass Local Privilege Escalation
[60225] Microsoft Windows XP System Restore Directory ACL Weakness Local Privilege Escalation
[60210] Microsoft Windows Active Directory Malformed LDAP Client Request Remote DoS
[60206] Microsoft Windows Fast User Switching (FUS) Arbitrary User Process Listing Disclosure
[60145] Microsoft Windows NT cmd.exe CD Command Arbitrary Local Code Execution
[60057] Microsoft Windows File Protection (WFP) Catalog File (.CAT) Modification Hash Code Comparison Bypass
[59957] Microsoft Windows SMB Response Handling Remote DoS
[59886] Microsoft Exchange Malformed Microsoft Remote Procedure Call (MSRPC) Remote DoS
[59869] Microsoft Windows Win32k Table of Directory Entry Building Font Code Parsing Remote Code Execution
[59868] Microsoft Windows Win32k GDI Kernel Component Unspecified Local Privilege Escalation
[59867] Microsoft Windows Win32k Unspecified Kernel System Call Local Privilege Escalation
[59865] Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handling Memory Corruption
[59856] Microsoft Windows Active Directory Malformed LDAP Request Stack Exhaustion Remote DoS
[59738] Microsoft Windows ZIP Filename Handling Overflow DoS
[59736] Microsoft Windows Media Player (WMP) on Solaris Installation Permission Weakness Local Privilege Escalation
[59734] Microsoft Windows Log Clearing Function Admin Notification Weakness
[59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
[59732] Microsoft Windows Screensaver Domain Account Lock Verification Local Brute Force Weakness
[59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
[59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
[59515] Microsoft Windows csrss.exe Command Prompt Input Manipulation Forced Reboot DoS
[59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
[59513] Microsoft Windows NT winnt/system32 Write Access Local DoS (NT4ALL)
[59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
[59347] Microsoft Windows SYSKEY Registry EFS Startup Key Disclosure
[59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
[59340] Microsoft Windows NT Logon Box Account Name Disclosure
[59333] Microsoft Windows NT Winlogon Key Local Shutdown DoS
[59325] Microsoft Windows NT Scheduler Drive Mapping Permission Weakness Local Privilege Escalation
[59264] Microsoft Windows Crafted Fragmented Packet Stream Remote DoS (Jolt)
[59260] Microsoft Windows NT SNMP Agent Query Saturation Remote DoS
[59250] Microsoft Windows NT Fragmented Packet Handling Remote DoS (ntfrag)
[59241] Microsoft Windows CreateRemoteThread Function Arbitrary Writeable Process Termination DoS
[58876] Microsoft Windows SMB Packet Command Value Handling Remote Code Execution
[58875] Microsoft Windows SMBv2 Packet Handling Infinite Loop Remote DoS
[58862] Microsoft Windows LSASS Malformed NTLM Authentication Packets Remote Overflow DoS
[58861] Microsoft Windows Kernel Exception Handler Unspecified Local DoS
[58860] Microsoft Windows Kernel User Mode PE File Handling NULL Dereference Local Privilege Escalation
[58859] Microsoft Windows Kernel 64-bit Value Conversion Truncation Local Privilege Escalation
[58856] Microsoft Windows CryptoAPI X.509 Certificate Object Identifier Handling Overflow Spoofing Weakness
[58855] Microsoft Windows CryptoAPI X.509 Certificate Common Name Null Truncation Spoofing
[58854] Microsoft Windows Indexing Service ActiveX Memory Corruption Arbitrary Code Execution
[58845] Microsoft Windows Media Runtime Compressed Audio File Handling Heap Corruption Arbitrary Code Execution
[58844] Microsoft Windows Media Player ASF Runtime Voice Sample Rate Handling Arbitrary Code Execution
[58843] Microsoft Windows Media Player ASF Handling Overflow
[58786] Microsoft Windows User Profile Unloading Session Persistence Weakness
[58785] Microsoft Windows MFC Component (MFC42u.dll) AfxOleSetEditMenu Function RTF Malformed OLE Object Handling Overflow
[58656] Trend Micro ServerProtect for Windows EarthAgent.exe Multiple RPC Functions Remote Overflow
[57806] Microsoft Windows Wireless LAN AutoConfig Service (wlansvc) Frame Parsing Arbitrary Code Execution
[57803] Microsoft Windows Media MP3 File Handling Memory Corruption
[57802] Microsoft Windows Media ASF Header Parsing Invalid Free Arbitrary Code Execution
[57799] Microsoft Windows srv2.sys Kernel Driver SMB2 Malformed NEGOTIATE PROTOCOL REQUEST Remote DoS
[57798] Microsoft Windows DHTML Editing Component ActiveX Arbitrary Code Execution
[57797] Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS
[57796] Microsoft Windows TCP/IP Packet State Information Handling Remote Code Execution
[57795] Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
[57016] Microsoft Windows win32k.sys Embedded OpenType Font Handling DoS
[56912] Microsoft Windows Terminal Services Client ActiveX Unspecified Overflow
[56909] Microsoft Windows AVI Media File Parsing Unspecified Overflow
[56908] Microsoft Windows Malformed AVI Header Parsing Arbitrary Code Execution
[56904] Microsoft Windows Telnet NTLM Credential Reflection Remote Access
[56902] Microsoft Windows Workstation Service NetrGetJoinInformation Function Local Memory Corruption Arbitrary Code Execution
[56901] Microsoft Windows Message Queuing Service (MSMQ) mqac.sys IOCTL Request Parsing Local Privilege Escalation
[56900] Microsoft Windows Internet Name Service (WINS) Network Packet Handling Remote Integer Overflow
[56899] Microsoft Windows Internet Name Service (WINS) Push Request Handling Remote Overflow
[56780] Microsoft Windows win32k.sys NtUserConsoleControl Function Memory Manipulation Local Privilege Escalation
[56516] Microsoft Windows lpCmdLine Filename Whitespace Handling Weakness
[56514] Microsoft Windows gzip Libraries Unspecified Remote Code Execution
[56513] Microsoft Windows Autorun / NoDriveTypeAutoRun Registry Value Enforcement Weakness
[55843] Microsoft Windows Embedded OpenType (EOT) Font Name Tables Parsing Overflow
[55842] Microsoft Windows Embedded OpenType (EOT) Font Data Record Parsing Overflow
[55645] Microsoft Windows Live Messenger (WLM) msnmsgr.exe Malformed Content-Type Header Remote DoS
[55644] Microsoft Windows Live Messenger Client MSN Protocol over NAT Multiple Header Field Internal IP Disclosure
[55332] Microsoft Windows PPTP Server (Raspptpe.sys) Malformed Control Packet Remote DoS
[55309] Microsoft Windows ICMP Type 9 Packet Remote DoS
[55227] CA ARCserve Backup for Windows Message Engine 0x3B Message Invalid Stub Data RPC Marshalling Error Remote DoS
[55050] Microsoft Windows win32k.sys Thread Handling Local Race Condition DoS
[54961] Microsoft Office PowerPoint Freelance Windows Translator (FL21WIN.DLL) Layout Parsing Overflow
[54943] Microsoft Windows Kernel Desktop Parameter Manipulation Local Privilege Escalation
[54942] Microsoft Windows Kernel Driver Class Registration Local Privilege Escalation
[54941] Microsoft Windows Kernel User Mode Pointer Passing Local Privilege Escalation
[54940] Microsoft Windows Kernel Desktop Object Manipulation Local Privilege Escalation
[54939] Microsoft Office Works for Windows File Converter .wps Handling Overflow
[54938] Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS
[54937] Microsoft Windows Active Directory Crafted LDAP(S) Request Hexadecimal DN AttributeValue Handling Arbitrary Code Execution
[54935] Microsoft Windows MSHTML Search Preview Display Information Disclosure
[54933] Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File Disclosure
[54932] Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Remote Overflow
[54931] Microsoft Windows SystemParametersInfo() Function SPI_*DESKWALLPAPER Call Local DoS
[54191] Microsoft Windows GDI+ PNG File Handling Infinite Loop DoS
[53804] Microsoft Windows Media Player MID File Handling Overflow DoS
[53668] Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation
[53666] Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Privilege Escalation
[53623] Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code Execution
[53621] Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismatch Weakness
[53620] Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow
[53619] Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution
[53533] Microsoft Windows Task Manager (taskmgr.exe) I/O Activity Local Information Disclosure
[53309] Microsoft Windows WINS 1Ch Registration Domain Controller Manipulation
[53248] Microsoft Windows DNS Server Crafted Packets Remote Memory Consumption DoS
[52892] Microsoft IE on Windows Link Click Unspecified Arbitrary Code Execution (PWN2OWN)
[52694] Microsoft Windows Media Player Malformed GET Request DoS
[52693] Microsoft Windows Mobile Bluetooth Stack OBEX FTP Service Traversal Arbitrary File Manipulation
[52685] Microsoft Windows FTP Client Multiple Command Overflows
[52683] Microsoft Windows explorer.exe Malformed PNG Handling DoS
[52682] Microsoft Windows Explorer ZIP Handler DoS
[52681] Microsoft Windows Firewall sessmgr.exe Port Restriction Local Bypass
[52524] Microsoft Windows Invalid Pointer Local Privilege Escalation
[52523] Microsoft Windows Handle Validation Local Privilege Escalation
[52522] Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
[52521] Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
[52520] Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness
[52519] Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
[52518] Microsoft Windows DNS Server Response Validation Transaction ID Prediction Weakness
[52517] Microsoft Windows DNS Server Query Validation Spoofing
[51433] Microsoft Windows Crafted CHM File Handling Overflow
[51133] Microsoft Windows Media Player Multiple File Handling Remote Overflow
[50567] Microsoft Windows WordPad Text Converter Unspecified Memory Corruption
[50566] Microsoft Windows Explorer search-ms Protocol Handler Arbitrary Code Execution
[50565] Microsoft Windows Explorer Saved Search File Handling Arbitrary Code Execution
[50562] Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow
[50561] Microsoft Windows GDI WMF Image Parsing Integer Math Overflow
[50559] Microsoft Windows Media Component Crafted ISATAP Address NTLM Credential Disclosure
[50558] Microsoft Windows Media Component Service Principal Name (SPN) Credential Reflection Arbitrary Code Execution
[50533] Microsoft Windows Media Services nskey.dll ActiveX CallHTMLHelp Method Overflow
[50287] Microsoft Windows Vista iphlpapi.dll CreateIpForwardEntry2() Function Memory Corruption
[50280] Microsoft Windows UnhookWindowsHookEx Call Saturation Race Condition Local DoS
[50252] Microsoft Windows Media Player Crafted DAT File MThd Header Handling DoS
[50251] Microsoft Windows Media Player Crafted MIDI File MThd Header Handling DoS
[50000] Microsoft Windows Active Directory LDAP Server Bind Request User Account Enumeration
[49897] Microsoft Windows Explorer Crafted ZIP File Handling DoS
[49895] Microsoft Windows GDI+ gdiplus.dll Crafted ICO File Handling DoS
[49736] Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution
[49364] Cisco PIX / ASA Microsoft Windows NT VPN Domain Authentication Bypass
[49068] Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow
[49061] Microsoft Windows Ancillary Function Driver (afd.sys) Local Privilege Escalation
[49058] Microsoft Windows Active Directory LDAP(S) Request Handling Remote Overflow
[49057] Microsoft Windows SMB File Name Handling Remote Underflow
[49056] Microsoft Windows Kernel Memory Corruption Local Privilege Escalation
[49055] Microsoft Windows Kernel New Window Creation Process Arbitrary Code Execution
[49054] Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation
[49053] Microsoft Windows Virtual Address Descriptors (VAD) Local Privilege Escalation
[48837] Microsoft Windows Vista Page Fault Handling DoS
[48789] Microsoft Windows Mobile Bluetooth Device Name Overflow DoS
[48359] Microsoft Windows Vista ASLR / DEP Memory Protection Bypass
[48302] Microsoft Windows nslookup.exe DNS Zone Transfer Request Unspecified Arbitrary Code Execution
[48153] Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS
[48037] Microsoft Windows Image Acquisition Logger ActiveX Open Method Arbitrary File Download
[48009] Microsoft Windows Kernel IopfCompleteRequest API Overflow
[47963] Microsoft Windows Media Player Audio File Sampling Rate Remote Code Execution
[47962] Microsoft Windows Media Encoder wmex.dll ActiveX Overflow
[47412] Microsoft Windows Event System Crafted Request Array Index Handling Remote Privilege Escalation
[47411] Microsoft Windows Event System Per-user Subscription Crafted Request Remote Privilege Escalation
[47403] Microsoft Windows Messenger ActiveX (Messenger.UIAutomation.1) Remote Privileged Operations
[47396] Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Disclosure
[47395] Microsoft Windows Image Color Management System (MSCMS) mscms.dll InternalOpenColorProfile Function ICM Image File Handling Overflow
[46990] Microsoft Windows Explorer (explorer.exe) Unspecified WMF Handling DoS
[46801] Microsoft Windows Calendar Malformed ICS File Handling DoS
[46778] Microsoft Windows DNS Query ID Field Prediction Cache Poisoning
[46777] Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning
[46774] Microsoft Windows Explorer Saved Search File Handling DoS
[46210] Microsoft Windows Installer msiexec.exe /uninstall Option GUID Value Overflow
[46068] Microsoft Windows Pragmatic General Multicast (PGM) Fragment Handling Remote DoS
[46067] Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS
[46066] Microsoft Windows Active Directory LDAP Request Processing Remote DoS
[46063] Microsoft Windows Internet Name Service (WINS) Packet Handling Local Privilege Escalation
[46062] Microsoft Windows Speech Components (sapi.dll) Speech Recognition Code Execution
[46061] Microsoft Windows Bluetooth SDP Packet Processing Remote Code Execution
[45809] Microsoft Windows Vista Kernel Unspecified Remote Issue
[45523] Microsoft Windows Live Messenger GDI Engine Malformed File Handling Overflow
[45521] Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
[45280] Microsoft Windows Media Player (WMP) mplay32.exe MP3 Filename Handling Local Overflow
[45048] Microsoft Windows XP I2O Utility Filter Driver (i2omgmt.sys) Local Privilege Escalation
[44975] Microsoft Windows CE GIF Imaging Component Unspecified Arbitrary Code Execution
[44974] Microsoft Windows CE JPEG (GDI+) Handling Unspecified Arbitrary Code Execution
[44880] Microsoft Windows msjet40.dll MDB File Handling Overflow
[44580] Microsoft Windows Microsoft Distributed Transaction Coordinator (MSDTC) SeImpersonatePrivilege User Right Local Privilege Escalation
[44318] Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Arbitrary Remote Code Execution
[44215] Microsoft Windows GDI EMF Filename Parameter Handling Overflow
[44214] Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow
[44213] Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows
[44206] Microsoft Windows Kernel Unspecified Privilege Escalation
[44200] Microsoft Windows Random Number Generator (RNG) CryptGenRandom Function Prediction Weakness
[44172] Microsoft Windows DNS Client Predictable Transaction ID Spoofing
[44171] Microsoft Windows HxTocCtrl ActiveX (hxvz.dll) Memory Corruption
[44018] Microsoft Windows Vista SP1 Page Protection Unspecified Bypass
[43773] Microsoft Windows Explorer (explorer.exe) GIF File Handling Remote DoS
[43715] Microsoft Windows Media Player (WMP) AIFF File Handling DoS
[43603] Microsoft Windows DNS Server Dynamic Update Mechanism Client Authentication Bypass
[43434] Microsoft Windows Vista NoDriveTypeAutoRun Auto-Play Bypass
[43307] Microsoft Windows Explorer (explorer.exe) AVI Handling Right-Click Action DoS
[42579] 3ivx MPEG-4 on Microsoft Windows Media Player (WMP) mplayer2.exe MP4 File Handling Overflow
[41628] IBM Informix Storage Manager (ISM) Windows RPC Components XDR Library Multiple Unspecified Remote Overflows
[41553] Microsoft Windows Explorer BMP Width Dimension Handling Overflow
[41491] Microsoft Windows Vista Crafted DHCP Response DoS
[41463] Microsoft Windows OLE Automation Unspecified Memory Corruption Remote Code Execution
[41156] Microsoft Windows x64 Kernel PatchGuard Bypass
[41155] Microsoft Windows Hardware-enforced DEP Bypass
[41154] Microsoft Windows XP EFS Cleartext Password Storage
[41097] Microsoft Windows Task Scheduler (at.exe) Local Privilege Escalation
[41093] Microsoft Windows Media Player (WMP) MSIE Static Invocation HTML Rendering Weakness
[41092] Microsoft Windows DNS Service Predictable Transaction ID Weakness
[41090] Microsoft Windows w/ IE7 Shell32.dll Crafted URL Third-party Application Arbitrary Command Execution
[41065] Microsoft Windows kernel32.dll Multiple Function DoS
[41064] Microsoft Windows ntdll.dll Multiple Function DoS
[41059] Microsoft Windows ARP Saturation Remote DoS
[40071] Microsoft Windows LSASS Crafted LPC Request Local Privilege Escalation
[40070] Microsoft Windows TCP/IP IGMPv3 / MLDv2 Packet Handling Remote Code Execution
[40069] Microsoft Windows TCP/IP ICMP RDP Packet Handling Remote DoS
[39751] Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Multiple Function Remote Overflow
[39750] Trend Micro ServerProtect for Windows Agent Service RPCFN_CopyAUSrc Function Remote Overflow
[39521] Cisco Security Agent for Microsoft Windows Crafted SMB Packet Remote Overflow
[39131] Microsoft Windows Media Player Crafted AU File Application Crash Remote DoS
[39127] Microsoft Windows DirectX WAV / AVI File Parsing Arbitrary Code Execution
[39126] Microsoft Windows DirectX SAMI File Parsing Arbitrary Code Execution
[39125] Microsoft Windows Vista SMBv2 Signing Unspecified Remote Code Execution
[39124] Microsoft Windows Vista Kernel Legacy Reply Path Validation Local Privilege Escalation
[39123] Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution
[39122] Microsoft Windows Media Format Runtime ASF Parsing Arbitrary Code Execution
[39014] Microsoft Windows RunAs Command Local Arbitrary Process DoS
[38991] Microsoft Windows PNG Image IHDR block Multiple Crafted Value Remote DoS
[38499] Microsoft Windows Mobile ActiveSync USB Weak PIN/Password Encryption
[38494] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
[37637] Microsoft Windows Crafted HLP File Overflow
[37635] Microsoft Windows Virtual DOS Machine (VDM) PhysicalMemory Race Condition Local Privilege Escalation
[37631] Microsoft Windows Malformed NNTP Response Remote Memory Corruption
[37627] Microsoft Windows Kodak Image Viewer Image File Handling Arbitrary Code Execution
[37105] Microsoft Windows mfc42.dll / mfc42u.dll CFileFind Class FindFile() Function Overflow
[36938] Microsoft Windows XP Kernel Process Scheduler Local DoS
[36937] Microsoft Windows / IE ActiveX (triedit.dll) Multiple Property NULL Pointer DoS
[36935] Microsoft Windows Services for UNIX Local Privilege Escalation
[36393] Microsoft Windows Vista Weather Gadgets Crafted HTML Attribute Unspecified Issue
[36392] Microsoft Windows Vista Contacts Gadget Crafted Contact Information Arbitrary Code Execution
[36391] Microsoft Windows Vista Feed Headlines Gadgets RSS Feed XSS
[36390] Microsoft Windows Vector Markup Language (VML) VGX.DLL CDownloadSink Class Overflow
[36388] Microsoft Windows Graphics Rendering Engine (GDI) Metafile Image Handling Overflow
[36387] Microsoft Windows OLE Automation TextNode Object substringData Method Overflow
[36386] Microsoft Windows Media Player Skin File Handling Crafted Header Arbitrary Code Execution
[36385] Microsoft Windows Media Player Skin File Handling Overflow
[36149] Microsoft IE on Windows Mobile Unspecified Overflow DoS
[36148] Microsoft Windows Mobile Pictures and Videos Malformed JPEG DoS
[36146] Microsoft Windows Terminal Services TLS Downgrade Weakness
[36145] Microsoft Windows Event Viewer (eventvwr.exe) Log Data Exclusion
[36144] Microsoft Windows Bluetooth Unspecified Remote Privilege Escalation
[36143] Microsoft Windows Mobile Pocket PC Edition Unspecified Remote Privilege Escalation
[36141] Microsoft Windows Explorer Ole32.dll Crafted Document Summary Information DoS
[36138] Microsoft Windows Active Directory Time Restriction User Enumeration
[36111] Symantec Backup Exec for Windows RPC Crafted ncacn_ip_tcp Request Remote Overflow
[35962] Microsoft Windows XP Registry QHEADLES Permission Weakness
[35961] Microsoft Windows Active Directory LDAP Service Crafted Request Remote DoS
[35960] Microsoft Windows Active Directory LDAP Service Convertible Attribute Remote Code Execution
[35952] Microsoft Windows Vista Teredo Crafted IPv6 Traffic Blocking Rule Bypass
[35637] Microsoft Windows Unspecified Remote Code Execution
[35347] Microsoft Windows Schannel Security Package Crafted Digital Signature Arbitrary Code Execution
[35346] Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cross Domain Information Disclosure
[35345] Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information Disclosure
[35344] Microsoft Windows Vista Local User Information Data Stores Information Disclosure
[35341] Microsoft Windows Win32 API Unspecified Remote Code Execution
[34490] Microsoft Windows Explorer Folder Browsing WMV Handling DoS
[34103] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) DNS Subversion
[34102] Microsoft Windows Vista Mail Client Crafted Link Arbitrary Program Execution
[34101] Microsoft Windows XP winmm.dll mmioRead Function DoS
[34099] Microsoft Windows TrueType Fonts Rasterizer Local Privilege Escalation
[34098] Microsoft Windows GDI Functions Windows Metafile (WMF) Handling DoS
[34097] Microsoft Windows GDI Enhanced Metafile (EMF) Handling Local Privilege Escalation
[34096] Microsoft Windows GDI Invalid Window Size Local Privilege Escalation
[34095] Microsoft Windows GDI Crafted Image Local Privilege Escalation
[34011] Microsoft Windows Kernel Mapped Memory Local Privilege Escalation
[34010] Microsoft Windows XP UPnP Remote Memory Corruption
[34009] Microsoft Windows Agent URL Parsing Memory Corruption
[34008] Microsoft Windows Vista CSRSS Local Privilege Escalation
[33668] Microsoft Windows Vista Meeting Space DFSR.exe TCP Connection Persistence
[33667] Microsoft Windows Vista Persistent Established Teredo Address
[33666] Microsoft Windows Vista Teredo nonce Spoofing
[33665] Microsoft Windows Vista Neighbor Discovery Crafted Neighbor Advertisement Redirect
[33664] Microsoft Windows Vista Crafted Gratuitous ARP Overwrite DoS
[33663] Microsoft Windows Vista LLTD Mapper HELLO Packet Spoofing
[33662] Microsoft Windows Vista LLTD Mapper Real Source Field Host Spoofing
[33661] Microsoft Windows Vista LLTD Responder Race Condition Host Spoofing
[33660] Microsoft Windows Vista LLTD Mapper EMIT Packet Gathering Remote DoS
[33635] AMD ATI Radeon for Microsoft Windows Vista atikmdag.sys Kernel Mode Driver DoS
[33628] Microsoft Windows NDISTAPI.sys Permission Weakness Local DoS
[33474] Microsoft Windows ReadDirectoryChangesW API Function File System Information Disclosure
[33307] Microsoft Windows Media MID Malformed Header Chunk DoS
[33306] Microsoft Windows Explorer explorer.exe WMV File Handling DoS
[33219] Microsoft Windows Live Messenger Gestual Emoticon Saturation CPU Consumption DoS
[32629] Microsoft IE on Windows Mobile Malformed WML Page Unspecified DoS
[32628] Microsoft Windows / IE ActiveX (mshtml.dll) Multiple Property NULL Pointer DoS
[31897] Microsoft Windows CSRSS NtRaiseHardError Function Arbitrary Memory Disclosure
[31890] Microsoft Windows Shell New Hardware Local Privilege Escalation
[31889] Microsoft Windows XP SP2 Image Acquisition Service Local Privilege Escalation
[31885] Microsoft Windows OLE Dialog Memory Corruption Remote Code Execution
[31884] Microsoft Windows HTML Help ActiveX Control Arbitrary Code Execution
[31659] Microsoft Windows CSRSS MessageBox Function Privilege Escalation
[31645] Microsoft Windows DNS Recursive Query DoS
[30997] Microsoft Windows .manifest File Handling Local DoS
[30871] Microsoft Windows DRM drmstor.dll ActiveX Object StoreLicense Function Memory Corruption
[30821] Microsoft Outlook Express Windows Address Book Contact Record Code Execution
[30819] Microsoft Windows Media Player ASX Playlist Handling Overflow
[30818] Microsoft Windows Media Player ASF Parsing Overflow
[30817] Microsoft Windows Remote Installation Service TFTP Arbitrary File Overwrite
[30811] Microsoft Windows SNMP Service Remote Overflow
[30405] Microsoft Windows Active Directory Unspecified DoS
[30263] Microsoft Windows Workstation Service Crafted Message Remote Overflow
[30262] Microsoft Windows Agent ACF File Handling Memory Corruption
[30261] Microsoft Windows Client Service for NetWare (CSNW) Crafted Message Remote DoS
[30260] Microsoft Windows Client Service for NetWare (CSNW) Crafted Message Remote Code Execution
[30214] Microsoft Windows GDI Kernel Structure Modification Code Execution
[30096] Microsoft Windows NAT Helper Components ipnathlp.dll with ICS Malformed DNS Query DoS
[29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
[29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
[29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
[29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
[29439] Microsoft Windows Server Service Crafted SMB Packet Unspecified Issue
[29424] Microsoft Windows Object Packager File Extension Dialog Spoofing
[29409] Microsoft Windows TCP 135 Crafted Packet Saturation DoS
[29351] Microsoft Windows Terminal Services tsuserex.dll COM Object Instantiation
[29231] Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Arbitrary Code Execution
[29128] Microsoft Windows gdiplus.dll Divide-by-zero DoS
[28731] Microsoft Windows Pragmatic General Multicast (PGM) Multicast Message Arbitrary Code Execution
[28729] Microsoft Windows Indexing Service Unspecified XSS
[28372] Microsoft Windows Explorer URL Passing Recursive file Tag Local DoS
[28208] Microsoft Windows Live Messenger Contact List .ctt File Heap Overflow
[27848] Microsoft Windows Kernel Unspecified Local Privilege Escalation
[27847] Microsoft Windows Unhandled Exception Unspecified Remote Code Execution
[27846] Microsoft Windows Winlogon Search Path Subversion Local Privilege Escalation
[27844] Microsoft Windows DNS Client Service Record Response Overflow
[27843] Microsoft Windows Winsock API Hostname Remote Code Execution
[27797] Microsoft Windows GDI library (gdi32.dll) createBrushIndirect Function WMF Parsing DoS
[27644] Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference DoS
[27155] Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure
[27154] Microsoft Windows Server Service SRV.SYS First-class Mailslot Message Remote Overflow
[27152] Microsoft Windows IIS ASP Page Processing Overflow
[27151] Microsoft Windows DHCP Client Service Crafted Response Overflow
[26440] Microsoft Windows SMB MrxSmbCscIoctlOpenForCopyChunk Function Overflow
[26439] Microsoft Windows SMB MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk Remote DoS
[26437] Microsoft Windows RRAS RASMAN Remote Overflow
[26433] Microsoft Windows TCP/IP Protocol Driver Source Routing Overflow
[26432] Microsoft Windows jgdw400.dll ART Image Rendering Overflow
[26431] Microsoft Windows Graphics Rendering Engine PolyPolygon Function Overflow
[26430] Microsoft Windows Media Player PNG Processing Overflow
[25949] Microsoft Windows INETCOMM.DLL mhtml: URI Overflow
[25761] Microsoft Windows NTDLL.DLL RtlDosPathNameToNtPathName_U API Path Conversion Weakness
[25501] Microsoft Windows itss.dll CHM Processing Overflow
[25429] Novell Client for Windows DPRPC library (DPRPCW32.DLL) ndps_xdr_array Function Remote Overflow
[25336] Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Request DoS
[24802] Microsoft Windows Help winhlp32.exe Embedded Image Processing Overflow
[24519] Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow
[24516] Microsoft Windows Explorer COM Object Handling Remote Code Execution
[23136] Microsoft Windows/Office Korean Input Method Editor (IME) ShellAbout() Privilege Escalation
[23134] Microsoft Windows Web Client Service Crafted WebDAV Request Overflow
[23133] Microsoft Windows IGMPv3 Crafted Packet Remote DoS
[23132] Microsoft Windows Media Player Plug-in Malformed EMBED Element Arbitrary Code Execution
[23131] Microsoft Windows Media Player Bitmap File Processing Overflow
[23047] Microsoft Windows SSDP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23046] Microsoft Windows SCardSvr SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23045] Microsoft Windows NetBT SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23044] Microsoft Windows UPnP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[22710] Microsoft Windows Ad-hoc Network Advertisement Weakness
[22697] Microsoft Windows Unspecified Display Driver Large Image Processing DoS
[22396] Microsoft Windows WMF Processing ExtEscape POSTSCRIPT_INJECTION Function Overflow DoS
[22371] Microsoft Windows WMF Processing ExtCreateRegion Function Overflow DoS
[21987] Microsoft Windows Shimgvw.dll SETABORTPROC Function Crafted WMF Arbitrary Code Execution
[21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
[21536] Microsoft Windows backup File Name Extension Overflow
[21510] Microsoft Windows SynAttackProtect Bypass
[20916] Microsoft Windows UPnP GetDeviceList Remote DoS
[20875] Microsoft Windows XP Professional Upgrade MSIE Rollback
[20580] Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS
[20579] Microsoft Windows GDI Metafile SetPalette Entries Overflow
[20497] Microsoft Windows 98SE User32.dll Icon DoS
[20367] Microsoft Windows XP Fast User Switching Arbitrary Account Lockout
[20366] Microsoft Windows XP Remote Desktop Client Cleartext Account Name Transmission
[20364] Microsoft Windows keybd_event Validation Privilege Escalation
[20356] Microsoft Windows Win32k.sys ShowWindow Function Local DoS
[20279] Microsoft Windows ME ssdpsrv.exe Crafted SSDP Message DoS
[20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
[20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
[20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
[20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
[20188] Microsoft Windows Crafted SMB SMBnegprots Request DoS
[20148] Microsoft Windows smbmount Directory Manipulation Saturation DoS
[20028] Microsoft Windows XP SP2 TFTP Local Overflow
[20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
[20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
[20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
[19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
[19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
[19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
[19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
[19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
[19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
[19993] Microsoft Windows 2000 LDAPS CA Trust Issue
[19922] Microsoft Windows Client Service for NetWare (CSNW) Remote Overflow
[19904] Microsoft Windows DTC Packet Relay DoS
[19903] Microsoft Windows DTC Transaction Internet Protocol (TIP) DoS
[19902] Microsoft Windows COM+ Remote Code Execution
[19901] Microsoft Windows FTP Client Arbitrary File Write
[19900] Microsoft Windows Shell Crafted .lnk File Arbitrary Code Execution (2005-2122)
[19899] Microsoft Windows Shell Crafted .lnk File Arbitrary Code Execution (2005-2118)
[19898] Microsoft Windows Web View Arbitrary Script Injection
[19873] Microsoft Windows XP Wireless Zero Configuration Credential/Key Disclosure
[19857] Microsoft Windows SeDebugPrivilege NtSystemDebugControl Function Privilege Escalation
[19775] Microsoft Windows XP ISAKMP UDP Saturation DoS
[19764] Microsoft Windows XP Malformed explorer.exe.manifest Local DoS
[19287] Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness
[19187] Microsoft Windows NT/2000 DNS Server Non-delegated NS Glue Record Cache Poisoning
[19185] Microsoft Windows XP Internet Connection Firewall sessmgr.exe Access Control Bypass
[19007] Microsoft Windows 95 smbclient Triple Dot Traversal Arbitrary Command Execution
[19006] Microsoft Windows NT snmp.exe Malformed OID Packet Saturation DoS
[18956] Microsoft Windows Registry Editor (Regedt32.exe) Long String Obfuscation
[18830] Microsoft Windows UMPNPMGR wsprintfW Remote Overflow
[18829] Microsoft Windows Open Type (EOT) Font Handling Remote Overflow
[18828] Microsoft Windows Distributed Transaction Coordinator (DTC) Memory Modification Remote Code Execution
[18824] Microsoft Windows Unspecified Remote Code Execution (EEYEB-20050627)
[18823] Microsoft Windows Kernel APC Queue Manipulation Local Privilege Escalation
[18821] Microsoft Windows Unspecified Remote Code Execution (EEYEB-20050505)
[18820] Microsoft Windows GDI EMF/WMF Metafile Processing Multiple Overflows
[18730] Microsoft Windows XP SP1 Raw IP Empty Datagram DoS
[18729] Microsoft Windows SNMP LAN Manager (LANMAN) MIB Extension GET/NEXT Request DoS
[18728] Microsoft Windows QueryIpMatching Weakness DNS Cache Poisoning
[18681] Microsoft Windows XP User Account Manager Hidden User
[18624] Microsoft Windows Remote Desktop Protocol (RDP) Crafted Packet Remote DoS
[18609] Microsoft Windows Kerberos PKINIT Domain Controller Spoofing
[18608] Microsoft Windows Kerberos Crafted Packet Remote DoS
[18607] Microsoft Windows Print Spooler Service Remote Overflow
[18606] Microsoft Windows Telephony Application Programming Interface (TAPI) Overflow
[18605] Microsoft Windows Plug-and-Play Service Remote Overflow
[18545] Microsoft Windows NT Cenroll ActiveX (xenroll.dll) File Creation Saturation DoS
[18493] Microsoft Windows USB Device Driver Overflow
[17893] Microsoft ASP.NET RPC/encoded Mode Malformed SOAP Message DoS
[17885] Microsoft Windows Network Connections Service netman.dll Remote DoS
[17830] Microsoft Windows Color Management Module ICC Profile Format Tag Remote Overflow
[17434] Microsoft Windows ASN.1 BERDecBitString Function Overflow
[17309] Microsoft Windows Web Client Request Processing Remote Code Execution
[17308] Microsoft Windows Server Message Block (SMB) Remote Code Execution
[17305] Microsoft Windows HTML Help (CHM) File Overflow
[17304] Microsoft Windows Interactive Training .cbo File User Field Overflow
[17131] Microsoft Windows Remote Desktop Protocol (RDP) Private Key Disclosure
[16494] Microsoft Windows Media Player WMDRM License Acquisition Page Redirection
[16430] Microsoft Windows Animated Cursor (ANI) Capability AnimationHeaderBlock Length Field Overflow
[15981] Microsoft Windows XP helpctr.exe Crafted URL Command Execution
[15739] Microsoft Windows Malformed Image Rendering DoS
[15707] Microsoft Windows Explorer Web View Arbitrary Script Insertion
[15469] Microsoft Windows MSHTA Shell Application Association Arbitrary Remote Script Execution
[15463] Microsoft Windows IP Validation Failure Remote Code Execution
[15462] Microsoft Windows CSRSS Local Overflow
[15461] Microsoft Windows Object Management Malformed Request DoS
[15460] Microsoft Windows Kernel Access Request Local Privilege Escalation
[15459] Microsoft Windows Font Processing Local Privilege Escalation
[15458] Microsoft Windows Message Queuing Remote Overflow
[15379] Microsoft Windows ActiveDirectory LDAP Authentication Bypass
[15363] Microsoft Windows Explorer.exe Malformed .wmf Processing DoS
[15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
[15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
[15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
[15339] Microsoft Windows Server Atmf.dll Adobe Font Unloading DoS
[15338] Microsoft Windows Server 2003 Terminal Session Close DoS
[15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
[15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
[15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
[15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
[15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
[15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
[15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
[15215] Microsoft Windows SMTP E-mail Malformed Time Stamp DoS
[15171] Microsoft Windows XP Search Function Arbitrary XML Injection
[15075] Microsoft Windows wab32.dll Malformed .wab File DoS
[15011] Microsoft Windows Remote Desktop TSShutdn.exe Unauthenticated Shutdown DoS
[14862] Microsoft Windows GDI32.DLL GetEnhMetaFilePaletteEntries() API EMF File DoS
[14741] Microsoft Windows XP CommCtl32.dll Shatter Code Execution
[14578] Microsoft Windows Malformed TCP SYN Loopback Packet Remote DoS (land)
[14509] Microsoft Services for Unix Malformed RPC Client Fragment Packet DoS
[14497] Microsoft Services for Unix RPC Library Malformed Packet Fragment DoS
[14475] Microsoft Windows Script Engine for Jscript JsArrayFunctionHeapSort Overflow
[14399] Microsoft Windows Media Player .wmf Detection Auto-Run Weakness
[14182] Microsoft Windows Drive Restriction Group Policy Bypass
[14118] Microsoft Windows Malformed ARP Packet Saturation DoS
[13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
[13987] Microsoft Windows XP Help Center helpctr.exe Long hcp: URL Overflow
[13959] Microsoft Windows Universal Plug and Play (UPnP) Malformed Request DoS
[13609] Microsoft Windows Hyperlink Object Library Overflow
[13602] Microsoft Windows OLE Input Validation Overflow
[13601] Microsoft Windows COM Structured Storage Privilege Escalation
[13600] Microsoft Windows SMB Transaction Data Overflow
[13599] Microsoft Windows License Logging Service Overflow
[13597] Microsoft Windows Media Player PNG File Overflow
[13596] Microsoft Windows XP Named Pipe Username Disclosure
[13595] Microsoft Windows Sharepoint Services HTML Redirection XSS
[13577] Microsoft Windows NetBIOS Remote Host Information Disclosure
[13481] Microsoft Windows NT OffloadModExpo CryptographyOffload Registry Key Permission Weakness
[13480] Microsoft Windows NT MTS Package Administration Registry Key Permission Weakness
[13477] Microsoft Windows Java Applet UDP Socket Exhaustion DoS
[13476] Microsoft Windows Media Player asx Parser Multiple Tag Overflow
[13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
[13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
[13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
[13440] Microsoft Windows XP Hot Keys Screen Lock Bypass
[13438] Microsoft Windows CONVERT.EXE FAT32 File Permission Conversion Failure
[13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
[13435] Microsoft Windows XP Port 445 Malformed SYN Packet DoS
[13434] Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
[13424] Microsoft Windows 2000 Current Password Change Policy Bypass
[13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
[13422] Microsoft Windows PPTP Service Malformed Control Data Overflow
[13421] Microsoft Windows XP RDP Malformed PDU Confirm Active Packet DoS
[13420] Microsoft Windows NTFS Hard Link Audit Bypass
[13419] Microsoft Windows Media Player Active Playlist Arbitrary HTML Script Execution
[13416] Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (shatter)
[13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
[13413] Microsoft Windows XP Windows Shell Function .mp3/.wma Custom Attribute Overflow
[13411] Microsoft Windows XP Redirector Function Long Parameter Overflow
[13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
[13409] Microsoft Windows XP EXPLORER.EXE desktop.ini .ShellClassInfo Parameter Overflow
[13408] Microsoft Windows SHELL32.DLL ShellExecute API Function Overflow
[13389] Microsoft Windows DirectX QUARTZ.DLL Multiple Field .mid File Overflows
[13330] Microsoft Windows HKLM Registry Key Locking DoS
[12842] Microsoft Windows Cursor and Icon Validation Code Execution
[12840] Microsoft Windows HTML Help Related Topics Arbitrary Command Execution
[12832] Microsoft Windows Indexing Service Query Overflow
[12655] Microsoft Windows Active Directory LSASS.EXE DoS
[12625] Microsoft Windows winhlp32.exe Overflow
[12624] Microsoft Windows Kernel ANI File Parsing DoS
[12623] Microsoft Windows LoadImage API Overflow
[12511] Microsoft Windows Media Player ActiveX Control setItemInfo() / getItemInfo() Arbitrary WMA File Manipulation
[12510] Microsoft Windows Media Player ActiveX Control getItemInfoByAtom() Function File Information Disclosure
[12507] Microsoft Windows XP SP2 Popup Blocker Bypass
[12482] Microsoft Windows XP Dial-Up Access Firewall Disable
[12378] Microsoft Windows WINS Association Context Validation Remote Code Execution
[12377] Microsoft Windows NT DHCP Message Length Remote Overflow
[12376] Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation
[12374] Microsoft Windows HyperTerminal Session File Remote Overflow
[12372] Microsoft Windows Kernel Application Launch Local Privilege Escalation
[12371] Microsoft Windows NT Malformed DHCP Packet Remote Overflow DoS
[12370] Microsoft Windows WINS Computer Name Validation Remote Code Execution
[12123] Microsoft Windows ipconfig.exe Overflow
[12001] Microsoft Windows XP SP2 File Download Warning Bypass
[12000] Microsoft Windows XP SP2 Unspecified Local Zone Access
[11999] Microsoft Windows XP SP2 Unspecified Remote File Access
[11936] Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS
[11917] Microsoft Windows XP SP2 Spoofed Content-Location Warning Bypass
[11801] Microsoft Windows Small Buffer Length SMB Packet Overflow
[11799] Microsoft Windows SMB Signing Group Policy Modification
[11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
[11479] Microsoft Windows NT Double Dot Samba Client DoS
[11478] Microsoft Windows NT Malformed SMB Logon Request DoS
[11477] Microsoft Windows NT LSASS.EXE Access Violation DoS
[11476] Microsoft Windows NT DebugActiveProcess Function Privilege Escalation
[11475] Microsoft Windows NT NtOpenProcessToken Permission Failure
[11474] Microsoft Windows NT CSRSS Thread Exhaustion DoS
[11473] Microsoft Windows NT Messenger Service Long Username DoS
[11472] Microsoft Windows NT DNS Server Malformed Response DoS
[11471] Microsoft Windows NT DNS Server Character Saturation DoS
[11470] Microsoft Windows NT Help File Utility Overflow
[11469] Microsoft Windows NT Malformed File Image Header DoS
[11468] Microsoft Windows NT IOCTL Function DoS
[11463] Microsoft Windows Authenticode ActiveX Install Failure Remote Code Execution
[11462] Microsoft Windows HSC PCHealth System HCP URL Query Overflow
[11461] Microsoft Windows Workstation Service WKSSVC.DLL Logging Function Remote Overflow
[11453] Microsoft Windows 98 Malformed oshare Packet DoS
[11264] Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS
[11259] Microsoft Windows NT Domain User Login System Policy Download Failure
[11162] Microsoft Windows 95 .pwl File Weak Password Encryption
[11161] Microsoft Windows 95 NetWare Remote Administration Hidden File Share
[11158] Microsoft Windows NT Malformed Token Ring DoS
[11156] Microsoft Windows NT tcpip.sys Malformed ICMP Request DoS
[11096] Microsoft Windows ntconfig.pol Write Failure Access Restriction Bypass
[11095] Microsoft Windows NT Ntconfig.pol Long Server Name Access Restriction Bypass
[11094] Microsoft Windows NT User Mode Application Handle Closing DoS
[11053] Microsoft Windows XP Explorer WAV Parsing DoS
[11011] Microsoft Windows NT Netbt.sys Malformed DNS Response DoS
[10999] Microsoft Windows Troubleshooter ActiveX Control Tshoot.ocx Arbitrary Code Execution
[10997] Microsoft Windows Media Player ActiveX Control Unauthorized Media Library Manipulation
[10975] Microsoft Windows NT Winpopup Long Username DoS
[10938] Microsoft Windows User32.dll ComboBox CB_DIR Message Local Overflow
[10937] Microsoft Windows User32.dll ListBox LB_DIR Message Local Overflow
[10936] Microsoft Windows Messenger Service Message Length Remote Overflow
[10908] Microsoft Windows XP SP2 ZIP Wizard ZoneID Tracking Failure
[10854] Microsoft Windows XP Zip Manager zipfldr.dll Overflow DoS
[10699] Microsoft Windows Program Group Converter Arbitrary Code Execution
[10698] Microsoft Windows Shell Application Start Arbitrary Code Execution
[10697] Microsoft Windows/Exchange NNTP Component Remote Overflow
[10696] Microsoft Windows/Exchange SMTP DNS Lookup Overflow
[10695] Microsoft Windows Compressed Folders DUNZIP32.DLL File Handling Overflow
[10693] Microsoft Windows Unspecified Kernel Local DoS
[10692] Microsoft Windows Metafile Image Format Arbitrary Code Execution
[10691] Microsoft Windows Virtual DOS Machine Subsystem Local Privilege Escalation
[10690] Microsoft Windows Management APIs Local Privilege Escalation
[10689] Microsoft Windows NetDDE Remote Overflow
[10688] Microsoft Windows WebDAV XML Message Handler Malformed Request DoS
[10648] Microsoft Windows NT Default SNMP Registry Key Permission Weakness Local Privilege Escalation
[10647] Microsoft Windows CIFS Browser Protocol Arbitrary NetBIOS Cache Entry Modification
[10634] Microsoft Windows 95/98 Spoofed ARP Packet Cache Manipulation
[10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
[10618] Microsoft Windows NT autorun.inf Arbitrary Command Execution
[10616] Microsoft Windows NT Fragmented IP Packet Firewall Restriction Bypass
[10615] Microsoft Windows NT linux smbmount Request DoS
[10614] Microsoft Windows NT %systemroot% Path Inclusion
[10609] Microsoft Windows WINS Malformed Packet Consumption DoS
[10608] Microsoft Windows TCP/IP Last Sequence Forced RST DoS
[10607] Microsoft Windows ICMP Redirect Spoofing DoS
[10606] Microsoft Windows LSA NULL Policy Handle DoS
[10604] Microsoft Windows NT PATH Working Directory Inclusion
[10456] Microsoft Windows IPv6 Packet Fragmentation Handling DoS
[10247] Microsoft Windows SMTP Service NTLM Null Session Mail Relay
[10230] Microsoft Windows XP SP2 File/Print Share Restriction Bypass
[9722] Microsoft Windows NT System Critical Registry Key Contain Bad Value
[9579] Microsoft Windows NT GetThreadContext/SetThreadContext Kernel Mode Address DoS
[9530] Microsoft Windows CRL File Digital Signature Verification Failure
[9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
[9359] Microsoft Windows Page File pagefile.sys Information Disclosure
[9358] Microsoft Windows NT Event Log Inappropriate Permissions
[9356] Microsoft Windows NT HKEY_CLASSES_ROOT Key Inappropriate System-Critical Permissions
[9355] Microsoft Windows NT HKEY_LOCAL_MACHINE Key Inappropriate System-Critical Permissions
[9349] Microsoft Windows NT Systems User Audit Policy Logging Weakness
[9348] Microsoft Windows NT Non-NTFS File System Insecure
[9152] Microsoft Windows XP SP2 Zone Identifier Object Value Warning Failure
[9141] Microsoft Windows File Icon Spoofing
[9140] Microsoft Windows XP Content-Location Local Computer Zone Bypass
[9012] Microsoft Windows XP Internet Connection Firewall Bypass
[8368] Microsoft Windows XP/2003 Login Screen Consumption DoS
[8334] Microsoft Windows NT \?? Object Folder Symlink Privilege Escalation
[8161] Microsoft Windows NT Invalid User Privileges
[8160] Microsoft Windows NT File/Directory Invalid Permissions
[8112] Microsoft Windows NT Weak Account Password Policy
[8051] Microsoft Windows Networking Software Long Filename Handling Arbitrary Command Execution
[7904] Microsoft Windows Media Player ActiveX File Existence Disclosure
[7891] Microsoft Windows IE window.moveBy Function Pointer Hijack (HijackClickV2)
[7855] Microsoft IE on Windows ME Javascript Cookie Set Bypass
[7804] Microsoft Windows HTML Help Arbitrary Code Execution
[7803] Microsoft Windows showHelp Arbitrary Code Execution
[7800] Microsoft Windows POSIX Subsystem Privilege Escalation
[7798] Microsoft Windows Task Scheduler Remote Overflow
[7777] Microsoft Windows Media Control Preview Script Execution
[7738] Microsoft Windows Media Player Skins File Arbitrary Command Execution
[7576] Microsoft Windows NT RSHSVC .Rhosts Unauthorized Access
[7182] Microsoft Windows Media Unicast Service Severed Connection Memory Leak DoS
[7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
[7178] Microsoft Windows Media Player WMP ActiveX Control Javascript Command Execution
[6790] Microsoft Windows NT AEDebug Registry Key Weak Permissions
[6515] Microsoft Windows 2000 Domain Expired Account Authentication
[6221] Microsoft Windows XP desktop.ini CLSID Arbitrary Command Execution
[6074] Microsoft Windows Me HSC hcp:// URL XSS
[6053] Microsoft Windows Help and Support Center HCP URL Code Execution
[5968] Microsoft Windows ARP Packet DoS
[5966] Microsoft Windows NT SMB Traversal Arbitrary File Access
[5858] Microsoft Windows NT Rshsvc.exe Arbitrary Command Execution
[5687] Microsoft Windows IE and Explorer Share Name Overflow
[5686] Microsoft Windows Telnet Service Account Information Disclosure
[5558] Microsoft Windows Media Player Advanced Streaming Format Overflow
[5313] Microsoft Windows Media Device Manager Invalid Local Storage Device Privilege Escalation
[5312] Microsoft Windows Media Player .wma IE Cache Arbitrary Code Execution
[5261] Microsoft Windows ASN.1 Double Free Code Execution
[5260] Microsoft Windows SSL Library Malformed Message Remote DoS
[5259] Microsoft Windows Negotiate SSP Code Execution
[5258] Microsoft Windows Virtual DOS Machine Privilege Escalation
[5257] Microsoft Windows Local Descriptor Table Privilege Escalation
[5256] Microsoft Windows Unspecified H.323 Code Execution
[5255] Microsoft Windows Management Privilege Escalation
[5254] Microsoft Windows Utility Manager Privilege Escalation
[5253] Microsoft Windows Help and Support Center Command Execution
[5252] Microsoft Windows Metafile Code Execution
[5251] Microsoft Windows Winlogon Command Execution
[5250] Microsoft Windows SSL Library Private Communications Transport (PCT) Remote Overflow
[5249] Microsoft Windows LDAP Crafted Request Remote DoS
[5248] Microsoft Windows LSASS Remote Overflow
[5179] Microsoft Windows 2000 microsoft-ds DoS
[4877] Microsoft Windows Terminal Services Kerberos Double Authorization Data Entry
[4467] Microsoft Windows WebDav ntdll.dll Remote Overflow
[4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
[3903] Microsoft Windows WINS Server Remote Overflow
[3902] Microsoft Windows ASN.1 Library Integer Overflow
[3711] Microsoft Windows XP Malicious Folder Automatic Code Execution
[3111] Microsoft IE Windows Scripting Host (WSH) GetObject Javascript Function Arbitrary File Access
[3106] Microsoft Windows Password Authentication Security Point of Failure
[3067] Microsoft Windows Media Player ASF File Arbitrary Code Execution
[2960] Microsoft Windows Messenger Service Social Engineering Weakness
[2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
[2692] Microsoft Windows Design Tools MDT2DD.DLL COM Object Memory Corruption Command Execution
[2678] Microsoft Windows Overflow in ListBox and
[2677] Microsoft Windows Arbitrary ActiveX Control Installation
[2675] Microsoft Windows HCP protocol Overflow
[2657] Microsoft Windows Message Queuing Service Heap Overflow
[2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
[2642] Microsoft Windows Unauthorised Thread Termination
[2571] Microsoft Windows TCP Packet URG Value Information Disclosure
[2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
[2507] Microsoft Windows NetBIOS Random Memory Content Disclosure
[2328] Microsoft Windows NT 4.0 with IBM JVM DoS
[2262] Microsoft Windows Media Player DHTML Local Zone Access
[2247] Microsoft Windows Media Services Remote Command Execution #2
[2244] Microsoft Windows 2000 ShellExecute() API Let
[2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
[2074] Microsoft Windows Server Message Block (SMB) Protocol SMB_COM_TRANSACTION Packet Remote Overflow DoS
[2073] Microsoft Windows XP Network Share Provider Overflow
[2072] Microsoft Windows Network Connection Manager Privilege Elevation
[2051] Microsoft Windows User Shell Buffer Overflow
[2037] Microsoft Windows Trusted Domain SID Remote Privilege Escalation
[1990] Microsoft Windows Terminal Services False IP Address
[1975] Microsoft Windows Terminal Server Service RDP Remote DoS
[1928] Microsoft Windows NNTP Malformed Post DoS
[1915] Microsoft Windows Media Player .NSC File Overflow
[1912] Microsoft Windows Terminal Server Malformed RDP DoS
[1861] Microsoft Windows Telnet Local System Call DoS
[1860] Microsoft Windows Telnet Service Handle Leak DoS
[1859] Microsoft Windows Telnet Multiple Sessions DoS
[1858] Microsoft Windows Telnet Service Logon Backspace DoS
[1840] Microsoft Windows Media Player Internet Shortcut Execution
[1764] Microsoft Windows 2000 Domain Controller DoS
[1758] Microsoft Windows 2000 Network DDE Escalated Privileges
[1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
[1735] Microsoft Windows NT SNMP WINS Database Deletion Remote DoS
[1725] Microsoft Windows Media Player .WMZ Arbitrary Java Applet Execution
[1672] Microsoft Windows 2000 Telnet Session Timeout DoS
[1658] Microsoft Windows Media Player .ASX File Handling Overflow
[1656] Microsoft Windows Media Player .WMS Arbitrary Script Execution
[1639] Microsoft Windows NT Terminal Server RegAPI.DLL Username Overflow
[1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
[1621] Microsoft Indexing Services for Windows 2000 .htw XSS
[1607] Microsoft Windows 9x Invalid Driver Type DoS
[1599] Microsoft Windows 9x / Me IPX NMPI Packet DoS
[1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
[1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
[1571] Microsoft Windows Media Player Malformed Embedded OCX Control DoS
[1563] Microsoft Windows / Office DLL Search Path Weakness
[1546] Microsoft Windows Media Unicast Service Malformed Request DoS
[1491] Microsoft Windows 9x IPX Ping Packet DoS
[1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
[1399] Microsoft Windows 2000 Windows Station Access
[1358] Microsoft Windows NT HostAnnouncement DoS
[1308] Microsoft Windows NetBIOS NULL Source Name DoS
[1297] Microsoft Windows 2000 Active Directory Object Attribute
[1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
[1268] Microsoft Windows TCP/IP Printing Service DoS
[1257] Microsoft Windows Media License Manager DoS
[1251] Microsoft Windows MS DOS Device Name DoS
[1226] Microsoft Windows Media Server Malformed Handshake Sequence DoS
[1214] Microsoft Windows NT Recycle Bin Deleted File Access
[1199] Microsoft Windows NT NtImpersonateClientOfPort LPC Privilege Escalation
[1166] Microsoft Windows NT LsaLookupSids() DoS
[1161] Microsoft Windows Help System File Manipulation Local Privilege Escalation
[1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
[1135] Microsoft Windows NT Print Spooler Service (spoolss.exe) AddPrintProvider() Function Alternate Print Provider Arbitrary Command Execution
[1134] Microsoft Windows NT Print Spooler Malformed Request Overflow
[1076] Microsoft Windows IP Source Routing
[1075] Microsoft Windows NT RASMAN Path Subversion Privilege Escalation
[1046] Microsoft Windows telnet.exe Argument Overflow
[1022] Microsoft Windows Invalid IGMP Header Handling Remote DoS
[1013] Microsoft Windows NT Screensaver Context Local Privilege Escalation
[1010] Microsoft Windows NT Malformed LSA Request DoS
[967] Microsoft Windows NT WINS Service Malformed Data DoS
[945] Microsoft Windows 95/98 SMB Authentication Replay
[943] Microsoft Windows NT SP4 Null NT Hash Value Share Access
[931] Microsoft Windows NT GINA Arbitrary Clipboard Content Disclosure
[868] Microsoft Windows Compressed Folders ZIP Decompression Arbitrary File Write
[867] Microsoft Windows Compiled HTML Help (.chm) Arbitrary Command Execution
[864] Microsoft Windows Certificate Enrollment ActiveX Arbitrary Certificate Deletion
[858] Microsoft Windows NCM Handler Local Privilege Elevation
[837] Microsoft Windows RAS Phonebook dial-up String Overflow
[788] Microsoft Windows smss.exe Handle Duplication Local Privilege Escalation
[773] Microsoft Windows 2000 Group Policy File Lock DoS
[772] Microsoft Windows Multiple UNC Provider Request Overflow
[736] Microsoft Windows SMB Enumeration Information Disclosure
[732] Microsoft Windows SMTP Service Malformed BDAT Request Remote DoS
[715] Microsoft Windows NT LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
[714] Microsoft Windows NT LsaQueryInformationPolicy() Function SID User Account Disclosure
[697] Microsoft Windows Universal Plug and Play NOTIFY DoS
[692] Microsoft Windows Universal Plug and Play NOTIFY Overflow
[665] Microsoft Windows 95 Online Registration Information Disclosure
[608] Microsoft Windows IrDa Driver Malformed Packet Remote Overflow DoS
[581] Microsoft Windows SMTP Incorrect Credentials Authentication Bypass
[572] Microsoft Windows NT NTLMSSP Crafted LPC Request Local Privilege Escalation
[515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
[511] Microsoft Windows Malformed PPTP Packet Stream Remote DoS
[499] Microsoft Windows NT Winsock2ProtocolCatalogMutex Mutex Local DoS
[466] Microsoft Windows NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation
[454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
[445] Microsoft Windows LAN Manager SNMP LanMan Information Disclosure
[424] Microsoft Windows NT Malformed LPC Request Remote DoS
[423] Microsoft Windows File Share Password Protection Bypass
[418] Microsoft Windows telnet.exe NTLM Authentication Information Disclosure
[403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
[385] Microsoft Windows Shell Executable (Explorer.exe) Registry Relative Path Privilege Escalation
[336] Microsoft Windows CIFS Computer Browser ResetBrowser Frame DoS
[335] Microsoft Windows Fragmented IP Packet Saturation DoS (jolt2)
[334] Microsoft Windows Registry: Permission to Modify Common Paths
[332] Microsoft Windows Registry Key Permission Weakness Admin Privilege Escalation
[331] Microsoft Windows Remote Registry Access
[316] Microsoft Windows NT Remote Registry Server WinLogon.exe Malformed Request Local DoS
[304] Microsoft Windows NT service pack level via remote registry access
[303] Microsoft Windows NetBIOS Null Session Remote Registry Access
[300] Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
[299] Microsoft Windows NetBIOS Shares Access Control Weakness
[297] Microsoft Windows Installation ADMIN$ Share Arbitrary Access
[218] Microsoft Windows Multiple TCP/IP Stack Malformed Ping DoS
[129] Microsoft Windows NT FTP 'guest' Account

| 139 | tcp | open syn-ack | netbios-ssn | Microsoft Windows netbios-ssn | | |
cpe:/o:microsoft:windows
vulscan
VulDB - https://vuldb.com:
[176522] Microsoft Windows 7 SP1 up to Server 2019 MSHTML Platform unknown vulnerability
[176520] Microsoft Windows 10 20H2 up to Server 2004 DWM Core Library unknown vulnerability
[176515] Microsoft Windows 10 up to Server 2019 Hyper-V denial of service
[176514] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure
[176513] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure
[176512] Microsoft Windows 8.1 up to Server 2019 NFS denial of service
[176511] Microsoft Windows 7 SP1 up to Server 2019 GPSVC unknown vulnerability
[176510] Microsoft Windows 7 SP1 up to Server 2019 Event Tracing information disclosure
[176509] Microsoft Windows 7 SP1 up to Server 2019 HTML Platform unknown vulnerability
[176508] Microsoft Windows 8.1 up to Server 2019 TCP/IP Driver denial of service
[176507] Microsoft Windows 10 20H2 up to Server 2019 Cloud Files Mini Filter Driver unknown vulnerability
[176506] Microsoft Windows 7 SP1 up to Server 2019 Remote Desktop Services denial of service
[176500] Microsoft Windows 7 SP1 up to Server 2019 Kerberos AppContainer unknown vulnerability
[176499] Microsoft Windows 10 20H2/10 21H1/10 2004/Server 20H2/Server 2004 Bind Filter Driver information disclosure
[176498] Microsoft Windows 7 SP1 up to Server 2019 Scripting Engine unknown vulnerability
[176497] Microsoft Windows 7 SP1 up to Server 2019 NTLM unknown vulnerability
[176495] Microsoft Windows 7 SP1 up to Server 2019 NTFS unknown vulnerability
[176494] Microsoft Windows 10 20H2 up to Server 2004 Kernel information disclosure
[176493] Microsoft Windows 7 SP1 up to Server 2019 Common Log File System Driver unknown vulnerability
[176492] Microsoft Windows 7 SP1 up to Server 2019 Filter Manager unknown vulnerability
[176491] Microsoft Windows 10 20H2 up to Server 2019 Kernel-Mode Driver unknown vulnerability
[176490] Microsoft Windows 10 20H2 up to Server 2019 Kernel unknown vulnerability
[176477] Microsoft Windows 7 SP1 up to Server 2019 Enhanced Cryptographic Provider unknown vulnerability
[176474] Microsoft Windows 7 SP1 up to Server 2019 DCOM Server unknown vulnerability
[174874] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking unknown vulnerability
[174873] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking information disclosure
[174871] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking unknown vulnerability
[174870] Microsoft Windows 7 SP1 up to Server 2019 unknown vulnerability
[174868] Microsoft Windows 8.1 up to Server 2019 CSC Service information disclosure
[174866] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174865] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 HTTP Protocol Stack unknown vulnerability
[174864] Microsoft Windows 10 20H2 up to Server 2019 Container Manager Service unknown vulnerability
[174863] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174862] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174861] Microsoft Windows 10 20H2 up to Server 2019 Graphics unknown vulnerability
[174849] Microsoft Windows 7 SP1 up to Server 2019 Bluetooth Driver unknown vulnerability
[174848] Microsoft Windows 7 SP1 up to Server 2019 Infrared Data Association information disclosure
[174847] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Desktop Bridge denial of service
[174846] Microsoft Windows 7 SP1 up to Server 2019 RDP information disclosure
[174845] Microsoft Windows 10 20H2 up to 10 2004 WalletService unknown vulnerability
[174844] Microsoft Windows 7 SP1 up to Server 2019 Graphics unknown vulnerability
[174843] Microsoft Windows 10 1809/Server 2019 Container Isolation FS Filter Driver unknown vulnerability
[174842] Microsoft Windows 10 20H2 up to Server 2019 Projected File System FS Filter Driver information disclosure
[174841] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Media Foundation Core unknown vulnerability
[174840] Microsoft Windows 7 SP1 up to Server 2019 on SSDP Service unknown vulnerability
[174839] Microsoft Windows 7 SP1 up to Server 2019 OLE Automation unknown vulnerability
[174835] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB Client Security Feature unknown vulnerability
[174824] Microsoft Windows 7 SP1 up to Server 2019 Hyper-V VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST unknown vulnerability
[172949] Microsoft Windows 10 up to Server 2019 Media Photo Codec information disclosure
[172947] Microsoft Windows 7 SP1 up to Server 2019 Internet Messaging API unknown vulnerability
[172941] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability
[172937] Microsoft Windows 10 20H2 up to Server 2019 Hyper-V denial of service
[172933] Microsoft Windows 10 20H2 up to Server 2019 Application Compatibility Cache denial of service
[172929] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability
[172925] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP Driver denial of service
[172921] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure
[172920] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB information disclosure
[172919] Microsoft Windows 8.1 up to Server 2019 SMB information disclosure
[172917] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172916] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure
[172915] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172914] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172913] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172912] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability
[172911] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172910] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172909] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172908] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172907] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172906] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172905] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability
[172904] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172903] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172902] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172901] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172900] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172899] Microsoft Windows 8.1 up to Server 2019 Remote Procedure Call Runtime Remote unknown vulnerability
[172898] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172896] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172895] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172894] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[172892] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172891] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172890] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172889] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172888] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172887] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172886] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172885] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability
[172880] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP Driver denial of service
[172877] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP information disclosure
[172875] Microsoft Windows 8.1 up to Server 2019 Hyper-V unknown vulnerability
[172874] Microsoft Windows 7 SP1 up to Server 2019 Network File System unknown vulnerability
[171012] Microsoft Windows 10 20H2 up to Server 2019 NAT denial of service
[171009] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V unknown vulnerability
[171000] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170999] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170998] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170997] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[170996] Microsoft Windows Server 20H2 up to Server 2019 DNS Server code injection
[170995] Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service
[170994] Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service
[170990] Microsoft Windows Admin Center unknown vulnerability
[170981] Microsoft Windows 7 SP1 up to Server 2019 Remote Access API privileges management
[170979] Microsoft Windows 10 20H2 up to Server 2019 OpenType Font Parser code injection
[170978] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability
[170907] Microsoft Windows 10 20H2 up to Server 2019 Application Virtualization code injection
[170436] Microsoft Windows 8.1 up to Server 2019 Extended Protection for Authentication improper authentication
[169530] Microsoft Windows 7 SP1 up to Server 2019 Trust Verification API denial of service
[169529] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability
[169528] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability
[169527] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP denial of service
[169526] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call information disclosure
[169525] Microsoft Windows 7 SP1 up to Server 2019 Local Spooler unknown vulnerability
[169524] Microsoft Windows 10 20H2 up to Server 2019 Microsoft.PowerShell.Utility Module protection mechanism
[169521] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Network File System denial of service
[169509] Microsoft Windows 7 SP1 up to Server 2019 Address Book unknown vulnerability
[169502] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability
[169501] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability
[169499] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability
[169498] Microsoft Windows 10 up to Server 2019 unknown vulnerability
[169497] Microsoft Windows 10 Version 1809 for 32-bit Systems Codecs Library unknown vulnerability
[169487] Microsoft Windows 10 up to Server 2019 Graphics unknown vulnerability
[167703] Microsoft Windows 7 SP1 up to Server 2019 Update Stack privileges management
[167700] Microsoft Windows 10 up to Server 2019 RDP authorization
[167699] Microsoft Windows 7 SP1 up to Server 2019 RDP Core unknown vulnerability
[167687] Microsoft Windows 7 SP1 up to Server 2019 Graphics information disclosure
[167686] Microsoft Windows 7 SP1 up to Server 2019 GDI+ information disclosure
[167685] Microsoft Windows 7 SP1 up to Server 2019 Fax Compose Form privileges management
[167680] Microsoft Windows 7 SP1 up to Server 2019 CryptoAPI denial of service
[167664] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167663] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167662] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167661] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167660] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167659] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167658] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167657] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167656] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability
[167655] Microsoft Windows 8.1 up to Server 2019 NTLM unknown vulnerability
[167651] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability
[167638] Microsoft Windows 7 SP1 up to Server 2019 DTV-DVD Video Decoder unknown vulnerability
[167637] Microsoft Windows 8.1/10/10 1607/Server 2012 R2/Server 2016 Hyper-V denial of service
[167636] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V denial of service
[167633] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability
[160963] Microsoft Windows up to Server 2019 Projected Filesystem privilege escalation
[160951] Microsoft Windows up to Server 2019 Kernel memory corruption
[160950] Microsoft OneDrive on Windows privilege escalation
[160949] Microsoft OneDrive on Windows privilege escalation
[160948] Microsoft OneDrive on Windows privilege escalation
[160947] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[160946] Microsoft Windows up to Server 2019 TLS weak encryption
[160944] Microsoft Windows up to Server 2019 Kernel Improper Initialization
[160943] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[160942] Microsoft Windows up to Server 2019 Kernel information disclosure
[160940] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[160939] Microsoft Windows up to Server 2004 InstallService privilege escalation
[160936] Microsoft Windows up to Server 2019 Microsoft COM for Windows privilege escalation
[160932] Microsoft Windows up to Server 2019 CloudExperienceHost privilege escalation
[160930] Microsoft Windows up to Server 2019 fdSSDP.dll privilege escalation
[160925] Microsoft Windows up to Server 2019 DirectX privilege escalation
[160924] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[160923] Microsoft Windows up to Server 2019 GDI information disclosure
[160922] Microsoft Windows up to Server 2019 Win32k information disclosure
[160921] Microsoft Windows up to Server 2019 Win32k privilege escalation
[160920] Microsoft Windows up to Server 2019 DNS denial of service
[160912] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[160911] Microsoft Windows up to Server 2004 StartTileData.dll privilege escalation
[160910] Microsoft Windows up to Server 2019 Win32k.sys privilege escalation
[160909] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[160908] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[160907] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[160906] Microsoft Windows up to Server 2019 Language Pack Installer privilege escalation
[160905] Microsoft Windows up to Server 2004 StartTileData.dll information disclosure
[160904] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[160903] Microsoft Windows 10 2004 Shell Infrastructure privilege escalation
[160902] Microsoft Windows up to Server 2019 GDI Dynamically-Managed Code Resources
[160901] Microsoft Windows up to Server 2019 Graphics Component Dynamically-Managed Code Resources
[160900] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[160899] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[160898] Microsoft Windows up to Server 2019 DirectX privilege escalation
[160895] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[160894] Microsoft Windows up to Server 2019 Routing Utilities denial of service
[160892] Microsoft Windows up to Server 2019 Kernel information disclosure
[160891] Microsoft Windows up to Server 2019 DHCP Server information disclosure
[160890] Microsoft Windows up to Server 2019 Print Spooler privilege escalation
[160889] Microsoft Windows up to Server 2019 Group Policy privilege escalation
[160886] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[160883] Microsoft Windows up to Server 2019 Kernel information disclosure
[160882] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[160881] Microsoft Windows up to Server 2019 State Repository Service information disclosure
[160880] Microsoft Windows up to Server 2019 Function Discovery SSDP Provider privilege escalation
[160879] Microsoft Windows up to Server 2019 Modules Installer privilege escalation
[160876] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[160874] Microsoft Windows up to Server 2019 Shell Infrastructure memory corruption
[160873] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure
[160871] Microsoft Windows up to Server 2019 NTFS privilege escalation
[160870] Microsoft Windows up to Server 2019 Active Directory Federation Service 2FA weak authentication
[160869] Microsoft Windows up to Server 2019 DNS privilege escalation
[160868] Microsoft Windows 10 2004/Server 2004 Projected Filesystem privilege escalation
[160866] Microsoft Windows up to Server 2019 Cryptographic Catalog Service privilege escalation
[160865] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[160864] Microsoft Windows up to Server 2019 Active Directory integrated DNS privilege escalation
[160863] Microsoft Windows up to Server 2019 Active Directory integrated DNS memory corruption
[160862] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure
[160861] Microsoft Windows up to Server 2019 RSoP Service Application privilege escalation
[160855] Microsoft Windows up to Server 2019 Media Audio Decoder memory corruption
[160853] Microsoft Windows up to Server 2019 Media Audio Decoder privilege escalation
[160849] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[160848] Microsoft Windows up to Server 2019 GDI+ memory corruption
[160847] Microsoft Windows up to Server 2019 memory corruption
[160843] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[160841] Microsoft Windows up to Server 2019 Camera Codec Pack memory corruption
[160840] Microsoft Windows up to Server 2019 Microsoft COM for Windows memory corruption
[160839] Microsoft Windows up to Server 2019 Text Service Module memory corruption
[159610] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation
[159608] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation
[159604] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[159601] Microsoft Windows up to Server 2019 Speech Shell privilege escalation
[159600] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[159597] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation
[159595] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159594] Microsoft Windows up to Server 2019 Windows Runtime memory corruption
[159593] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159592] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[159591] Microsoft Windows up to Server 2019 Work Folder Service memory corruption
[159590] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159589] Microsoft Windows up to Server 2019 State Repository Service information disclosure
[159588] Microsoft Windows up to Server 2019 CDP User memory corruption
[159587] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159585] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[159584] Microsoft Windows up to Server 2019 WaasMedic Service information disclosure
[159583] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159582] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation
[159581] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159580] Microsoft Windows Remote Desktop Gateway privilege escalation
[159579] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159574] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159573] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159572] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159571] Microsoft Windows up to Server 2019 UPnP Device Host memory corruption
[159570] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159568] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[159567] Microsoft Windows up to Server 2019 GDI memory corruption
[159566] Microsoft Windows up to Server 2019 Remote Access memory corruption
[159564] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[159563] Microsoft Windows up to Server 2019 Custom Protocol Engine memory corruption
[159562] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159561] Microsoft Windows up to Server 2019 Kernel information disclosure
[159560] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159558] Microsoft Windows up to Server 2019 Kernel privilege escalation
[159557] Microsoft Windows up to Server 2019 Font Driver Host memory corruption
[159556] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation
[159555] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[159554] Microsoft Windows up to RT 8.1 Backup Engine privilege escalation
[159553] Microsoft Windows up to Server 2019 Telephony Server privilege escalation
[159552] Microsoft Windows up to Server 2019 CDP User memory corruption
[159550] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159548] Microsoft Windows up to Server 2019 Backup Engine privilege escalation
[159545] Microsoft Windows up to Server 2019 GDI privilege escalation
[159543] Microsoft Windows up to Server 2019 Kernel memory corruption
[159542] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[159541] Microsoft Windows up to Server 2019 Remote Access memory corruption
[159540] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159539] Microsoft Windows up to Server 2019 Radio Manager API memory corruption
[159537] Microsoft Windows up to Server 2019 Accounts Control memory corruption
[159534] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[159531] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[159530] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[159529] Microsoft Windows up to Server 2019 Network Connection Broker privilege escalation
[159528] Microsoft Windows up to Server 2019 Ancillary Function Driver for WinSock privilege escalation
[159526] Microsoft Windows up to Server 2019 Public Account Pictures Folder privilege escalation
[159524] Microsoft Windows up to Server 2019 Win32k information disclosure
[159523] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159522] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[159521] Microsoft Windows up to Server 2019 SSDP Provider privilege escalation
[159518] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[159517] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation
[159513] Microsoft Windows up to Server 2019 DirectX privilege escalation
[159512] Microsoft Windows up to Server 2019 Kernel privilege escalation
[159509] Microsoft Windows 10 1909/10 2004 Codecs Library memory corruption
[159504] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159503] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159500] Microsoft Windows up to Server 2004 Codecs Library memory corruption
[159499] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159497] Microsoft Windows up to Server 2019 Media Audio Codec memory corruption
[159496] Microsoft Windows up to 10 2004 Codecs Library memory corruption
[159495] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159494] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[159433] Microsoft Windows net use weak authentication
[159426] Microsoft Windows VCF Card privilege escalation
[159425] Microsoft Windows Group File privilege escalation
[158019] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157995] Microsoft Windows up to Server 2019 WalletService information disclosure
[157993] Microsoft Windows up to Server 2019 WalletService privilege escalation
[157991] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[157990] Microsoft Windows up to Server 2019 Modules Installer privilege escalation
[157989] Microsoft Windows up to Server 2019 Delivery Optimization Service privilege escalation
[157988] Microsoft Windows 10 2004/Server 2004 Subsystem for Linux privilege escalation
[157986] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157985] Microsoft Windows up to Server 2019 Profile Service privilege escalation
[157984] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157983] Microsoft Windows up to Server 2019 Kernel privilege escalation
[157981] Microsoft Windows up to Server 2019 Kernel information disclosure
[157979] Microsoft Windows up to Server 2019 Resource Policy information disclosure
[157978] Microsoft Windows up to Server 2019 Kernel information disclosure
[157977] Microsoft Windows up to Server 2019 Kernel memory corruption
[157975] Microsoft Windows up to Server 2019 ALPC privilege escalation
[157973] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157972] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157971] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157970] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157969] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157968] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157963] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation
[157960] Microsoft Windows up to Server 2019 Diagnostics Hub privilege escalation
[157957] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[157956] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service information disclosure
[157955] Microsoft Windows up to Server 2019 Agent Activation Runtime information disclosure
[157952] Microsoft Windows up to Server 2019 USO Core Worker privilege escalation
[157951] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[157950] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157949] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157948] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157946] Microsoft Windows up to Server 2019 lnk File privilege escalation
[157945] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[157944] Microsoft Windows iSCSI Target Service privilege escalation
[157943] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157942] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157941] Microsoft Windows up to Server 2019 Remote Desktop Client memory corruption
[157939] Microsoft Windows up to Server 2019 Picker Platform privilege escalation
[157938] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation
[157937] Microsoft Windows up to Server 2019 Windows Print Workflow Service privilege escalation
[157936] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157935] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157934] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation
[157933] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157930] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157925] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[157924] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157923] Microsoft Windows up to Server 2019 Network Connections Service privilege escalation
[157922] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157921] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157920] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[157919] Microsoft Windows up to Server 2019 Mobile Device Management information disclosure
[157918] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[157916] Microsoft Windows up to Server 2019 Windows Address Book privilege escalation
[157913] Microsoft OneDrive on Windows privilege escalation
[157895] Microsoft Windows Defender MpSigStub.exe privilege escalation
[157894] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157893] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157892] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157889] Microsoft Windows up to Server 2019 Imaging information disclosure
[157888] Microsoft Windows up to Server 2019 Graphics Origin Validation Error
[157887] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[157886] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[157885] Microsoft Windows up to Server 2019 GDI+ memory corruption
[157884] Microsoft Windows up to Server 2019 Font Library privilege escalation
[157883] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[157882] Microsoft Windows up to Server 2019 GDI information disclosure
[157881] Microsoft Windows up to Server 2004 Font Driver Host memory corruption
[157509] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[157508] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[156422] Microsoft Windows 10 2004/Server 2004 SMBv3 denial of service
[156421] Microsoft Windows up to Server 2004 SMBv3 information disclosure
[156420] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[156419] Microsoft Windows up to Server 2019 LNK privilege escalation
[156418] Microsoft Windows up to Server 2019 CAB File privilege escalation
[156417] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
[156415] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[156414] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156413] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156412] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156410] Microsoft Windows up to Server 2004 Windows Runtime privilege escalation
[156409] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156408] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156407] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156406] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156404] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156403] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156402] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156401] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156399] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156398] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156397] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156396] Microsoft Windows Windows Installer privilege escalation
[156395] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156394] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156393] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156386] Microsoft Windows up to Server 2004 GDI+ memory corruption
[156385] Microsoft Windows up to Server 2019 Windows Runtime information disclosure
[156384] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156382] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[156381] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156380] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[156378] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156377] Microsoft Windows up to Server 2019 Registry privilege escalation
[156376] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[156375] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[156374] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156373] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156372] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156371] Microsoft Windows up to Server 2019 Session Manager privilege escalation
[156370] Microsoft Windows 10 2004/Server 2004 Connected User Experiences/Telemetry Service privilege escalation
[156369] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156368] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[156367] Microsoft Windows up to Server 2019 Text Service Framework privilege escalation
[156365] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service denial of service
[156364] Microsoft Windows up to Server 2019 Group Policy privilege escalation
[156363] Microsoft Windows up to Server 2019 OpenSSH privilege escalation
[156361] Microsoft Windows up to Server 2019 Win32k information disclosure
[156360] Microsoft Windows up to Server 2004 Windows Service information disclosure
[156359] Microsoft Windows up to Server 2019 Host Guardian Service information disclosure
[156358] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156356] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[156354] Microsoft Windows up to Server 2019 Diagnostics/Feedback Settings App information disclosure
[156353] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156352] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156351] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156350] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156349] Microsoft Windows up to Server 2004 Update Orchestrator Service privilege escalation
[156348] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[156347] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156346] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156321] Microsoft Windows Defender privilege escalation
[156320] Microsoft Windows Defender privilege escalation
[156319] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156318] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156317] Microsoft Windows up to Server 2019 GDI privilege escalation
[156316] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156315] Microsoft Windows up to Server 2019 GDI information disclosure
[156314] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156313] Microsoft Windows up to Server 2019 GDI privilege escalation
[156312] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[156311] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156310] Microsoft Windows up to Server 2019 DirectX privilege escalation
[156309] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156303] Microsoft Windows 10 1709/10 1803/10 1809/10 1903/Server 2004 Feedback Hub privilege escalation
[156302] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156301] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156300] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[155176] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155175] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155174] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155173] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155172] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155171] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155170] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155169] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155168] Microsoft Windows up to Server 2019 GDI information disclosure
[155167] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155166] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155165] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155162] Microsoft Windows Clipboard Service privilege escalation
[155161] Microsoft Windows Clipboard Service privilege escalation
[155160] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155158] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155157] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155156] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155155] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155154] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[155153] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155152] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Media Foundation memory corruption
[155151] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155150] Microsoft Windows GDI information disclosure
[155149] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155148] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155147] Microsoft Windows up to Server 2019 GDI privilege escalation
[155146] Microsoft Windows up to Server 2019 GDI information disclosure
[155145] Microsoft Windows up to Server 2019 DirectX privilege escalation
[155144] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155143] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[155142] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[155141] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[155140] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155139] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[155138] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155137] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155136] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155135] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155134] Microsoft Windows up to Server 2019 Clipboard Service privilege escalation
[155133] Microsoft Windows up to Server 2019 TLS denial of service
[155132] Microsoft Windows up to Server 2019 CSRSS information disclosure
[155131] Microsoft Windows up to Server 2019 Kernel privilege escalation
[155130] Microsoft Windows up to Server 2019 Task Scheduler weak authentication
[155129] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[155127] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155126] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155115] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155114] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155112] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155111] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155110] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155109] Microsoft Windows up to Server 2019 Printer Service privilege escalation
[155108] Microsoft Windows up to Server 2019 privilege escalation
[155107] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[155106] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155105] Microsoft Windows up to Server 2019 memory corruption
[155104] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[155103] Microsoft Windows up to Server 2019 information disclosure
[155100] Microsoft Windows up to Server 2019 Media Service privilege escalation
[155096] Microsoft Windows up to Server 2019 Script Runtime memory corruption
[155092] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[155091] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155090] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155089] Microsoft Windows up to Server 2019 Print Spooler privilege escalation
[155087] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155086] Microsoft Windows up to Server 2019 Block Level Backup Engine Service privilege escalation
[155084] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[155080] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[155079] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155078] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155077] Microsoft Windows up to Server 2019 Color Management ICM32.dll memory corruption
[155072] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153289] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[153286] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153284] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153281] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153280] Microsoft Windows up to Server 2019 Push Notification Service information disclosure
[153279] Microsoft Windows up to Server 2019 User-Mode Power Service privilege escalation
[153278] Microsoft Windows up to Server 2019 Update Client privilege escalation
[153277] Microsoft Windows up to Server 2019 System Assessment Tool privilege escalation
[153275] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153274] Microsoft Windows up to Server 2019 Kernel information disclosure
[153273] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153272] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153270] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153269] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153268] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153266] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153265] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153264] Microsoft Windows up to Server 2019 DNS denial of service
[153263] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153261] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153260] Microsoft Windows Graphics Component information disclosure
[153259] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[153257] Microsoft Windows up to Server 2019 privilege escalation
[153256] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153244] Microsoft Windows up to Server 2019 GDI+ memory corruption
[153243] Microsoft Windows up to Server 2019 Win32k information disclosure
[153241] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153240] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153239] Microsoft Windows up to Server 2019 Kernel information disclosure
[153237] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153236] Microsoft Windows up to Server 2019 GDI information disclosure
[153235] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Media Foundation information disclosure
[153234] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153233] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153232] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153230] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153229] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153228] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Media Foundation information disclosure
[153227] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153225] Microsoft Windows up to Server 2019 Scheduled Task privilege escalation
[153224] Microsoft OneDrive on Windows privilege escalation
[153223] Microsoft Windows up to Server 2019 WpcDesktopMonSvc privilege escalation
[153214] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153213] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153212] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153207] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153206] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153204] Microsoft Windows up to Server 2019 information disclosure
[153203] Microsoft Windows up to Server 2019 privilege escalation
[153200] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153198] Microsoft Windows up to Server 2019 Win32k memory corruption
[153197] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[153196] Microsoft Windows up to Server 2019 Win32k memory corruption
[153195] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153190] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[153189] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153188] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153187] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153185] Microsoft Windows up to Server 2019 Hyper-V memory corruption
[153181] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153180] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153176] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[153175] Microsoft Windows up to Server 2019 Graphics memory corruption
[152075] Microsoft Windows up to Server 2019 Type 1 Font Parser privilege escalation
[151174] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151171] Microsoft Windows 10 1607/Server 2016 Graphics Component privilege escalation
[151170] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151169] Microsoft Windows up to Server 2019 Hardlink privilege escalation
[151164] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151163] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[151161] Microsoft Windows up to Server 2019 GDI information disclosure
[151160] Microsoft Windows up to Server 2019 GDI information disclosure
[151158] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151157] Microsoft Windows up to Server 2019 Win32k information disclosure
[151156] Microsoft Windows up to Server 2019 GDI information disclosure
[151154] Microsoft Windows up to Server 2019 Network Connections Service information disclosure
[151153] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151152] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151151] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151150] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151149] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151148] Microsoft Windows Connected User Experiences/Telemetry Service information disclosure
[151147] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[151146] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151145] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[151141] Microsoft Windows up to Server 2019 Imaging information disclosure
[151139] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[151138] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151136] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151135] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151132] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[151129] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151127] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[151113] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151112] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[151110] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[151109] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151108] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151106] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151104] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151103] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[151102] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[151101] Microsoft Windows up to Server 2019 GDI information disclosure
[151100] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151099] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[151098] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151097] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151096] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151095] Microsoft Windows up to Server 2019 Defender privilege escalation
[151094] Microsoft Windows up to Server 1909 Defender privilege escalation
[151091] Microsoft Windows up to Server 2019 DirectX privilege escalation
[151078] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151077] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151064] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151063] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151062] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151061] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151060] Microsoft Windows up to Server 2019 lnk File privilege escalation
[149967] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149966] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149963] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149962] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Hyper-V privilege escalation
[149961] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149960] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149959] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149958] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149957] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[149956] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149955] Microsoft Windows up to Server 2019 GDI memory corruption
[149954] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149953] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149952] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149951] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149950] Microsoft Windows up to Server 2019 privilege escalation
[149949] Microsoft Windows up to Server 2019 tapisrv.dll privilege escalation
[149948] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[149947] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149945] Microsoft Windows 10/10 1607/Server 2016 DirectX privilege escalation
[149944] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149943] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149942] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[149941] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[149940] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149939] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149938] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149937] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149936] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149935] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149934] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149933] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149932] Microsoft Windows up to Server 2019 Win32k information disclosure
[149931] Microsoft Windows up to Server 2016 Win32k information disclosure
[149930] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149929] Microsoft Windows up to Server 2019 DirectX information disclosure
[149928] Microsoft Windows 10/Server 2016 DirectX privilege escalation
[149927] Microsoft Windows up to Server 2019 Imaging Library memory corruption
[149926] Microsoft Windows up to Server 2019 IME privilege escalation
[149923] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[149922] Microsoft Windows up to Server 2019 Wireless Network Manager privilege escalation
[149921] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[149920] Microsoft Windows up to Server 2019 Client License Service privilege escalation
[149919] Microsoft Windows up to Server 2019 Telephony Service information disclosure
[149913] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149910] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[149909] Microsoft Windows up to Server 2019 COM Server privilege escalation
[149907] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149906] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149905] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149904] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[149903] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149902] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149901] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149900] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149899] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149898] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149897] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149896] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149895] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149894] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149893] Microsoft Windows up to Server 2019 Active Directory privilege escalation
[149891] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[149890] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[149889] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149888] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[149887] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[149886] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[149884] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[149883] Microsoft Windows up to Server 2019 LNK privilege escalation
[149882] Microsoft Windows up to Server 2019 memory corruption
[149881] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149880] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149312] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149039] Microsoft Windows 10 1803/Server 2019 RDP Session Lockscreen weak authentication
[148654] Microsoft Windows up to Server 2019 Memory Section privilege escalation
[148653] Microsoft Windows up to Server 2019 Win32k privilege escalation
[148652] Microsoft Windows up to Server 2019 Media Service privilege escalation
[148651] Microsoft Windows up to Server 2019 Update Notification Manager privilege escalation
[148650] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Subsystem for Linux privilege escalation
[148649] Microsoft Windows up to Server 2019 Symbolic Link privilege escalation
[148648] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[148638] Microsoft Windows 10 1903/10 1909/Server 1903/Server 1909 Win32k privilege escalation
[148637] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[148634] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[148631] Microsoft Windows Server 2016/Server 2019 Remote Desktop Gateway privilege escalation
[148629] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[148627] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[148626] Microsoft Windows Remote Desktop Gateway privilege escalation
[148625] Microsoft Windows Remote Desktop Gateway privilege escalation
[148614] Microsoft Windows up to Server 2019 GDI+ information disclosure
[148613] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148612] Microsoft Windows Remote Desktop Credentials information disclosure
[148611] Microsoft Windows up to Server 2016 Graphics Component information disclosure
[148610] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148609] Microsoft Windows up to Server 2019 Win32k information disclosure
[148608] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[148607] Microsoft Windows up to Server 2019 CryptoAPI Crypt32.dll weak authentication
[146926] Microsoft Windows XP SP3 Remote Desktop Protocol information disclosure
[146924] Microsoft Windows up to Server 2019 Defender memory corruption
[146879] Microsoft Windows up to Server 2019 OLE privilege escalation
[146878] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[146877] Microsoft Windows 7 SP1 Windows Media Player information disclosure
[146876] Microsoft Windows 7 SP1 Windows Media Player information disclosure
[146875] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 COM Server privilege escalation
[146874] Microsoft Windows 10 1809/Server 2019 Printer Service privilege escalation
[146873] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[146872] Microsoft Windows up to Server 2019 Kernel information disclosure
[146871] Microsoft Windows up to Server 2019 Kernel information disclosure
[146870] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[146869] Microsoft Windows up to Server 2019 GDI information disclosure
[146868] Microsoft Windows up to Server 2019 GDI information disclosure
[146867] Microsoft Windows up to Server 2019 GDI information disclosure
[146862] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[146858] Microsoft Windows up to Server 2019 Win32k information disclosure
[146857] Microsoft Windows up to Server 2016 Win32k privilege escalation
[146855] Microsoft Windows up to Server 2019 Win32k Graphics privilege escalation
[146804] Microsoft Windows Media Center XML External Entity
[145412] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145402] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption
[145394] Microsoft Windows up to Server 2019 Win32k information disclosure
[145393] Microsoft Windows up to Server 2019 GDI information disclosure
[145390] Microsoft Windows up to Server 2019 Win32k information disclosure
[145388] Microsoft Windows up to Server 2012 R2 Win32k privilege escalation
[145386] Microsoft Windows up to Server 2012 R2 DirectWrite information disclosure
[145384] Microsoft Windows up to Server 2019 NetLogon Security Feature privilege escalation
[145382] Microsoft Windows up to Server 2019 iphlpsvc.dll privilege escalation
[145380] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[145379] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[145377] Microsoft Windows up to Server 2019 Installer privilege escalation
[145375] Microsoft Windows up to Server 2012 R2 OpenType Font Driver ATMFD.dll information disclosure
[145374] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[145373] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[145372] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145370] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[145367] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145366] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145365] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145364] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145363] Microsoft Windows up to Server 2019 Win32k privilege escalation
[145362] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Kernel privilege escalation
[145361] Microsoft Windows up to Server 2019 privilege escalation
[145360] Microsoft Windows up to Server 2019 Certificate Dialog privilege escalation
[145359] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[145358] Microsoft Windows up to Server 2019 Netlogon privilege escalation
[145357] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[145356] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[145355] Microsoft Windows up to Server 2019 Servicing Stack information disclosure
[145353] Microsoft Windows 10 1809/10 1903/Server 2019 Data Sharing Service privilege escalation
[145352] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[145350] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure
[145349] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145348] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145346] Microsoft Windows up to Server 2019 Kernel information disclosure
[145345] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145344] Microsoft Windows up to Server 2019 privilege escalation
[145342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k Graphics memory corruption
[145341] Microsoft Windows 10 1903/Server 1903 Media Foundation memory corruption
[145340] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption
[145334] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145333] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[145332] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[145331] Microsoft Windows up to Server 2019 Hyper-V Switch privilege escalation
[143118] Microsoft Windows up to Server 2019 IIS memory corruption
[143116] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI information disclosure
[143115] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[143114] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[143113] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[143112] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[143103] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[143102] Microsoft Windows up to Server 2019 Power Service umpo.dll privilege escalation
[143101] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[143100] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143099] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 NTLMv2 weak encryption
[143098] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client information disclosure
[143097] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client privilege escalation
[143096] Microsoft Windows up to Server 2019 Kernel information disclosure
[143090] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[143089] Microsoft Windows up to Server 2019 rdbss.sys memory corruption
[143088] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client privilege escalation
[143084] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143083] Microsoft Windows up to Server 2019 TLS information disclosure
[143082] Microsoft Windows up to Server 2019 Hardlink privilege escalation
[143081] Microsoft Windows up to Server 2019 Setup privilege escalation
[143080] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[143077] Microsoft Windows up to Server 2019 Imaging API memory corruption
[143076] Microsoft Windows 10 1703/10 1709/10 1803/Server 1803/Server 2019 Hyper-V privilege escalation
[143075] Microsoft Windows up to Server 2019 NTLM MIC weak authentication
[143071] Microsoft Windows up to Server 2019 MS XML XML External Entity
[143063] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[142140] Microsoft Windows Defender File privilege escalation
[141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
[141630] Microsoft Windows up to Server 2019 memory corruption
[141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
[141627] Microsoft Windows up to Server 2019 GDI information disclosure
[141626] Microsoft Windows up to Server 2019 Win32k privilege escalation
[141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
[141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[141621] Microsoft Windows up to Server 2019 Kernel information disclosure
[141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
[141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
[141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
[141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
[141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
[141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
[141606] Microsoft Windows up to Server 2019 Win32k privilege escalation
[141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[141603] Microsoft Windows up to Server 2019 GDI information disclosure
[141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[141590] Microsoft Windows up to Server 2019 Text Service Framework privilege escalation
[141581] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
[141579] Microsoft Windows up to Server 2016 DirectX information disclosure
[141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
[141563] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
[141562] Microsoft Windows up to RT 8.1 Remote Desktop privilege escalation
[141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
[139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[139965] Microsoft Windows up to Server 2019 Kernel information disclosure
[139964] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[139960] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[139958] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
[139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll XML External Entity
[139942] Microsoft Windows up to Server 2019 rpcss.dll privilege escalation
[139941] Microsoft Windows up to Server 2019 DirectX privilege escalation
[139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
[139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
[139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
[139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k privilege escalation
[139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
[139932] Microsoft Windows up to Server 2019 Kernel privilege escalation
[139931] Microsoft Windows up to Server 2019 File Signature Security Feature 7PK Security Features
[139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
[139928] Microsoft Windows up to Server 2019 Kernel privilege escalation
[139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
[139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser XML External Entity
[139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch privilege escalation
[139911] Microsoft Windows up to Server 2019 memory corruption
[139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
[139907] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139906] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
[139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
[139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[139891] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139890] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139889] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139888] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139887] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139886] Microsoft Windows up to Server 2019 Font Library privilege escalation
[139880] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
[139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[139876] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139875] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation
[139527] Microsoft Windows PowerShell privilege escalation
[137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137582] Microsoft Windows ADFS Security Feature 7PK Security Features
[137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
[137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[137562] Microsoft Windows up to Server 2019 Win32k information disclosure
[137561] Microsoft Windows up to Server 2019 GDI information disclosure
[137560] Microsoft Windows up to Server 2019 GDI information disclosure
[137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
[137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[137549] Microsoft Windows up to Server 2016 DLL privilege escalation
[137544] Microsoft Windows up to Server 2019 Kernel information disclosure
[137541] Microsoft Windows up to Server 2019 privilege escalation
[137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[137539] Microsoft Windows up to Server 2016 DirectX privilege escalation
[137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature 7PK Security Features
[137537] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[137533] Microsoft Windows up to Server 2019 SymCrypt privilege escalation
[137532] Microsoft Windows DNS Server Data Processing Error
[137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
[137512] Microsoft Windows up to Server 2019 DHCP memory corruption
[136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc information disclosure
[136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
[136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
[136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[136344] Microsoft Windows up to Server 2019 GDI information disclosure
[136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136340] Microsoft Windows up to Server 2019 GDI information disclosure
[136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
[136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
[136335] Microsoft Windows up to Server 2019 NTLM 7PK Security Features
[136334] Microsoft Windows up to Server 2019 Kernel information disclosure
[136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136323] Microsoft Windows up to Server 2019 memory corruption
[136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
[136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136319] Microsoft Windows up to Server 2019 Security Credentials 7PK Security Features
[136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
[136317] Microsoft Windows up to Server 2019 Win32k privilege escalation
[136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136314] Microsoft Windows up to Server 2019 Win32k privilege escalation
[136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136312] Microsoft Windows up to Server 2019 GDI information disclosure
[136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136310] Microsoft Windows up to Server 2019 GDI information disclosure
[136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
[136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service 7PK Security Features
[136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[136296] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
[136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[136287] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136286] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136285] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136284] Microsoft Windows up to Server 2019 Kernel privilege escalation
[136277] Microsoft Windows 7 SP1/2008 R2 SP1 Speech API memory corruption
[136276] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V privilege escalation
[136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
[136273] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[134744] Microsoft Windows up to Server 2019 GDI information disclosure
[134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
[134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
[134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134715] Microsoft Windows up to Server 2019 Win32k privilege escalation
[134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[134710] Microsoft Windows up to Server 2019 GDI information disclosure
[134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
[134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[134701] Microsoft Windows up to Server 2019 Windows Defender Application Control 7PK Security Features
[134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[134699] Microsoft Windows up to Server 2019 NDIS ndis.sys privilege escalation
[134698] Microsoft Windows up to Server 2019 OLE privilege escalation
[134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
[133378] Microsoft Windows 7/8/10/Vista Contact File cross site scripting
[133237] Microsoft Windows Admin Center privilege escalation
[133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
[133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
[133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
[133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
[133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
[133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
[133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
[133210] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 DirectX information disclosure
[133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133196] Microsoft Windows up to Server 2019 Win32k information disclosure
[133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
[133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133192] Microsoft Windows up to Server 2019 OLE Automation memory corruption
[133189] Microsoft Windows up to Server 2019 CSRSS privilege escalation
[133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133186] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure
[133185] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133183] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133182] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133180] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133179] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys 7PK Security Features
[133174] Microsoft Windows up to Server 2019 GDI+ memory corruption
[133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
[133166] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133165] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133164] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133163] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133162] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131685] Microsoft Windows up to Server 2019 SMB information disclosure
[131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[131681] Microsoft Windows up to Server 2019 Win32k privilege escalation
[131679] Microsoft Windows up to Server 2019 Kernel information disclosure
[131674] Microsoft Windows up to Server 2019 Win32k information disclosure
[131673] Microsoft Windows up to Server 2019 Kernel information disclosure
[131672] Microsoft Windows up to Server 2019 GDI information disclosure
[131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
[131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
[131658] Microsoft Windows up to Server 2019 information disclosure
[131657] Microsoft Windows up to Server 2019 memory corruption
[131653] Microsoft Windows up to Server 2019 SMB information disclosure
[131652] Microsoft Windows up to Server 2019 SMB information disclosure
[131651] Microsoft Windows up to Server 2019 Kernel information disclosure
[131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[131649] Microsoft Windows up to Server 2019 Kernel privilege escalation
[131648] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131644] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
[131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server privilege escalation
[131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
[131619] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131616] Microsoft Windows REG File Message weak authentication
[131328] Microsoft Windows up to Server 2016 Kernel information disclosure
[130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
[130819] Microsoft Windows Kernel information disclosure
[130818] Microsoft Windows up to Server 2019 GDI information disclosure
[130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[130814] Microsoft Windows up to Server 2019 privilege escalation
[130809] Microsoft Windows up to Server 2019 Defender Firewall Security 7PK Security Features
[130808] Microsoft Windows up to Server 2019 information disclosure
[130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[130806] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130803] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130802] Microsoft Windows up to Server 2019 Win32k information disclosure
[130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130799] Microsoft Windows up to Server 2016 Win32k privilege escalation
[130798] Microsoft Windows up to Server 2019 GDI information disclosure
[130797] Microsoft Windows up to Server 2019 GDI information disclosure
[130796] Microsoft Windows up to Server 2019 GDI information disclosure
[130793] Microsoft Windows up to Server 2019 GDI information disclosure
[130792] Microsoft Windows up to Server 2019 HID information disclosure
[130791] Microsoft Windows up to Server 2019 HID information disclosure
[130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
[130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
[129167] Microsoft Windows VCF File memory corruption
[128761] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128760] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128759] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128758] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128757] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128756] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128755] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128754] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128753] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128752] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
[128749] Microsoft Windows up to Server 2019 Kernel information disclosure
[128739] Microsoft Windows up to Server 2019 Kernel information disclosure
[128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
[128736] Microsoft Windows up to Server 2019 Kernel information disclosure
[128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
[128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128728] Microsoft Windows up to Server 2019 Kernel information disclosure
[128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128722] Microsoft Windows 10 1803/Server 1803 DHCP Client memory corruption
[128718] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[127881] Microsoft Windows 10 1809/Server 2019 memory corruption
[127880] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127828] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
[127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k information disclosure
[127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
[127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
[127821] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[127820] Microsoft Windows up to Server 2019 Kernel privilege escalation
[127816] Microsoft Windows up to Server 2019 GDI information disclosure
[127815] Microsoft Windows up to Server 2019 GDI information disclosure
[127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
[127801] Microsoft Windows up to Server 2019 DNS Server memory corruption
[126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
[126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
[126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
[126736] Microsoft Windows up to Server 2019 Win32k privilege escalation
[126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX privilege escalation
[126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[126725] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126718] Microsoft Windows up to Server 2016 Search privilege escalation
[126714] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
[126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
[125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
[125121] Microsoft Windows up to Server 2019 DirectX information disclosure
[125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
[125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[125113] Microsoft Windows up to Server 2019 Kernel privilege escalation
[125112] Microsoft Windows 10 1803/Server 1803 Subsystem for Linux privilege escalation
[125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy 7PK Security Features
[125110] Microsoft Windows up to Server 2019 DNS Global Blocklist 7PK Security Features
[125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
[125108] Microsoft Windows up to Server 2019 Filter Manager privilege escalation
[125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
[125101] Microsoft Windows Graphics Component memory corruption
[125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
[125097] Microsoft Windows up to Server 2019 DirectX Graphics privilege escalation
[125096] Microsoft Windows up to Server 2019 Win32k privilege escalation
[125093] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125092] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125091] Microsoft Windows up to Server 2019 MS XML XML External Entity
[124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls privilege escalation
[123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[123874] Microsoft Windows up to Server 2016 Kernel information disclosure
[123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
[123868] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123867] Microsoft Windows 10 1803/Server 1803 Hyper-V privilege escalation
[123866] Microsoft Windows 10 1803/Server 1803 Hyper-V privilege escalation
[123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
[123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
[123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
[123849] Microsoft Windows up to Server 2016 SMB privilege escalation
[123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123830] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
[123827] Microsoft Windows up to Server 2016 Image privilege escalation
[123825] Microsoft Windows up to Server 2016 MSXML Parser XML External Entity
[123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[122888] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 Windows Shell privilege escalation
[122886] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122885] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122884] Microsoft Windows up to Server 2016 Win32k privilege escalation
[122883] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
[122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK privilege escalation
[122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
[122848] Microsoft Windows Security Feature 2FA 7PK Security Features
[122834] Microsoft Windows up to Server 2016 LNK privilege escalation
[122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
[122826] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 PDF memory corruption
[122825] Microsoft Windows up to Server 2016 Graphics privilege escalation
[121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[121111] Microsoft Windows up to Server 2016 Kernel privilege escalation
[121110] Microsoft Windows up to Server 2016 Wordpad 7PK Security Features
[121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll Data Processing Error
[121092] Microsoft Windows up to Server 2016 FTP Server Data Processing Error
[119474] Microsoft Windows up to Server 2016 GDI information disclosure
[119471] Microsoft Windows 10 1803/Server 1803 Win32k privilege escalation
[119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys Data Processing Error
[119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
[119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
[119466] Microsoft Windows 10 1709/Server 1709 Hyper-V privilege escalation
[119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119459] Microsoft Windows up to Server 2016 privilege escalation
[119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
[119456] Microsoft Windows up to Server 2016 Kernel information disclosure
[119455] Microsoft Windows up to Server 2016 memory corruption
[119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119453] Microsoft Windows 10 1709/10 1803/Server 1709/Server 1803 WebDAV privilege escalation
[119452] Microsoft Windows up to Server 2016 HIDParser privilege escalation
[119450] Microsoft Windows 10 1703/10 1709/10 1803/Server 1709/Server 1803 Kernel information disclosure
[119448] Microsoft Windows up to Server 2016 Code Integrity Module privilege escalation
[119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
[119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys Data Processing Error
[119436] Microsoft Windows up to Server 2016 privilege escalation
[119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[117558] Microsoft Windows up to Server 2016 memory corruption
[117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
[117444] Microsoft Windows up to Server 2016 Hyper-V vSMB privilege escalation
[117443] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[117331] Microsoft Windows Host Compute Host Compute Service Shim privilege escalation
[116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem privilege escalation
[116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll privilege escalation
[116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol Data Processing Error
[116031] Microsoft Windows up to Server 2016 Kernel information disclosure
[116030] Microsoft Windows up to Server 2016 SNMP Service Data Processing Error
[116026] Microsoft Windows up to Server 2016 Kernel information disclosure
[116024] Microsoft Windows up to Server 2016 HTTP.sys privilege escalation
[116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory 7PK Security Features
[116019] Microsoft Windows up to Server 2016 Kernel information disclosure
[116008] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116007] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116006] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116005] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116004] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[115804] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
[114550] Microsoft Windows Kernel information disclosure
[114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys 7PK Security Features
[114547] Microsoft Windows up to Server 2016 Kernel information disclosure
[114546] Microsoft Windows up to Server 2016 Kernel information disclosure
[114545] Microsoft Windows up to Server 2016 Kernel information disclosure
[114544] Microsoft Windows up to Server 2016 Kernel information disclosure
[114543] Microsoft Windows up to Server 2016 Kernel information disclosure
[114542] Microsoft Windows up to Server 2016 Kernel information disclosure
[114541] Microsoft Windows up to Server 2016 Kernel information disclosure
[114540] Microsoft Windows up to Server 2016 Kernel information disclosure
[114536] Microsoft Windows up to Server 2016 CredSSP weak authentication
[114535] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[114534] Microsoft Windows 10/10 1511/10 1607/10 1703/10 1709 Scripting Host 7PK Security Features
[114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
[114530] Microsoft Windows up to Server 2016 GDI privilege escalation
[114529] Microsoft Windows up to Server 2016 GDI privilege escalation
[114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
[114527] Microsoft Windows up to Server 2016 Kernel information disclosure
[114526] Microsoft Windows up to Server 2016 Kernel information disclosure
[114525] Microsoft Windows up to Server 2016 Kernel information disclosure
[114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
[114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
[114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
[114518] Microsoft Windows up to Server 2016 Remote Assistance XML External Entity
[114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
[114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
[113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
[113262] Microsoft Windows 10/Server 1709 Storage Services privilege escalation
[113261] Microsoft Windows 10/Server 1709 Security Feature 7PK Security Features
[113260] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
[113258] Microsoft Windows 10/Server 1709 Kernel information disclosure
[113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113254] Microsoft Windows up to Server 2016 Kernel information disclosure
[113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113252] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113251] Microsoft Windows 10/Server 1709 Kernel privilege escalation
[113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113249] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113248] Microsoft Windows up to Server 2016 Kernel information disclosure
[113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
[113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
[113242] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113241] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
[113238] Microsoft Windows 10 1709/Server 1709 Named Pipe File System privilege escalation
[113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
[113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
[111358] Microsoft Windows up to Server 2016 IPsec memory corruption
[111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
[110547] Microsoft Windows up to Server 2016 its:/ Protocol information disclosure
[110531] Microsoft Windows 10/Server 2016 Device Guard 7PK Security Features
[110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
[110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[109360] Microsoft Windows up to Server 2016 Windows Search Data Processing Error
[107920] Microsoft Windows up to Vista SP2 Graphics information disclosure
[107759] Microsoft Windows up to Server 2016 SMB privilege escalation
[107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107753] Microsoft Windows 10/Server 2016 SMB Data Processing Error
[107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[107740] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107739] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107738] Microsoft Windows up to Server 2016 Search information disclosure
[107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
[107731] Microsoft Windows 7 SP1 Shell memory corruption
[107730] Microsoft Windows up to Server 2016 Search Remote privilege escalation
[107724] Microsoft Windows up to Server 2016 Text Services Framework privilege escalation
[107723] Microsoft Windows up to Server 2016 SMB information disclosure
[106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106498] Microsoft Windows up to Server 2016 Shell privilege escalation
[106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
[106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
[106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
[106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow information disclosure
[106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne privilege escalation
[106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition
[105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library Data Processing Error
[105049] Microsoft Windows 10 1703 Remote Desktop Protocol Data Processing Error
[105017] Microsoft Windows up to Server 2016 Error Reporting privilege escalation
[105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V privilege escalation
[105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
[105010] Microsoft Windows up to Server 2016 Win32k privilege escalation
[105009] Microsoft Windows up to Server 2016 Input Method Editor Data Processing Error
[104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[104989] Microsoft Windows up to Server 2016 NetBIOS Data Processing Error
[104982] Microsoft Windows up to XP SMBv1 Smbloris denial of service
[103446] Microsoft Windows up to Server 2016 Search privilege escalation
[103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
[103444] Microsoft Windows up to Server 2016 Explorer privilege escalation
[103442] Microsoft Windows 10/Server 2016 HoloLens privilege escalation
[103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
[103431] Microsoft Windows up to Server 2016 PowerShell privilege escalation
[103429] Microsoft Windows up to Server 2016 Kerberos privilege escalation
[103420] Microsoft Windows up to Server 2016 Kerberos weak authentication
[103417] Microsoft Windows up to Server 2016 Windows Shell 7PK Security Features
[102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
[102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
[102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
[102412] Microsoft Windows up to Server 2016 PDF privilege escalation
[102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga information disclosure
[102387] Microsoft Windows up to XP SP3 Search privilege escalation
[102386] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[102385] Microsoft Windows up to Server 2016 Font Library memory corruption
[102377] Microsoft Windows up to Vista SP2 lnk File privilege escalation
[102376] Microsoft Windows up to Server 2016 CAB File Data Processing Error
[102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords privilege escalation
[101820] Microsoft Windows Vista/7/8.1 NtfsCommonCreate denial of service
[101817] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
[101815] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101814] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101812] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101811] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101810] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
[101043] Microsoft Windows up to XP SP3 SMB privilege escalation
[101042] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101041] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101040] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101039] Microsoft Windows up to XP SP3 SMB privilege escalation
[101038] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101037] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101036] Microsoft Windows up to XP SP3 SMBv1 Server privilege escalation
[101035] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101034] Microsoft Windows up to XP SP3 SMBv1 Server information disclosure
[101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[101026] Microsoft Windows DNS Server privilege escalation
[101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory information disclosure
[101002] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101001] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101000] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100999] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service memory corruption
[100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
[99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication EsteemAudit privilege escalation
[99696] Microsoft Windows up to Vista SP2 Adobe Type Manager Font Driver ATMFD.dll information disclosure
[99685] Microsoft Windows up to Vista SP2 LDAP privilege escalation
[99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory 7PK Security Features
[99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
[99680] Microsoft Windows up to Vista SP2 Win32k privilege escalation
[99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive privilege escalation
[98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Immortal/ExploidingCan memory corruption
[98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
[98113] Microsoft Windows up to Vista SP2 XML Core Services information disclosure
[98112] Microsoft Windows up to Vista SP2 DirectShow information disclosure
[98111] Microsoft Windows 7 SP1/Vista SP2 DVD Maker cross site request forgery
[98110] Microsoft Windows Active Directory Federation Services information disclosure
[98069] Microsoft Windows up to Server 2012 R2 Color Management privilege escalation
[98068] Microsoft Windows up to Vista SP2 Graphics Component USP10!otlList::insertAt memory corruption
[98067] Microsoft Windows up to Vista SP2 Color Management information disclosure
[98066] Microsoft Windows Color Management information disclosure
[98065] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[98058] Microsoft Windows iSNS Server memory corruption
[98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
[98055] Microsoft Windows up to Vista SP2 DLL Loader privilege escalation
[98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 denial of service
[98052] Microsoft Windows up to Vista SP2 Uniscribe information disclosure
[98051] Microsoft Windows up to Vista SP2 Uniscribe information disclosure
[98050] Microsoft Windows up to Vista SP2 Uniscribe Read/Write memory corruption
[98049] Microsoft Windows Uniscribe information disclosure
[98048] Microsoft Windows Uniscribe information disclosure
[98047] Microsoft Windows Uniscribe information disclosure
[98046] Microsoft Windows Uniscribe information disclosure
[98045] Microsoft Windows Uniscribe information disclosure
[98044] Microsoft Windows Uniscribe information disclosure
[98043] Microsoft Windows Uniscribe information disclosure
[98042] Microsoft Windows Uniscribe information disclosure
[98041] Microsoft Windows Uniscribe information disclosure
[98040] Microsoft Windows Uniscribe information disclosure
[98039] Microsoft Windows Uniscribe information disclosure
[98038] Microsoft Windows Uniscribe information disclosure
[98037] Microsoft Windows Uniscribe information disclosure
[98036] Microsoft Windows Uniscribe information disclosure
[98035] Microsoft Windows Uniscribe information disclosure
[98034] Microsoft Windows Uniscribe information disclosure
[98033] Microsoft Windows Uniscribe information disclosure
[98032] Microsoft Windows Uniscribe information disclosure
[98031] Microsoft Windows Uniscribe rule information disclosure
[98030] Microsoft Windows Uniscribe memory corruption
[98029] Microsoft Windows Uniscribe memory corruption
[98028] Microsoft Windows Uniscribe memory corruption
[98027] Microsoft Windows Uniscribe memory corruption
[98026] Microsoft Windows Uniscribe memory corruption
[98025] Microsoft Windows Uniscribe memory corruption
[98024] Microsoft Windows Uniscribe Data Processing Error
[98023] Microsoft Windows up to Vista SP2 SMB privilege escalation
[98022] Microsoft Windows up to XP SP3 SMB information disclosure
[98021] Microsoft Windows up to XP SP3 SMB privilege escalation
[98020] Microsoft Windows up to XP SP3 SMB privilege escalation
[98019] Microsoft Windows up to XP SP3 SMB privilege escalation
[98018] Microsoft Windows up to XP SP3 SMB privilege escalation
[98017] Microsoft Windows up to Server 2016 PDF memory corruption
[98016] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98015] Microsoft Windows 10/Server 2016 Hyper-V privilege escalation
[98014] Microsoft Windows up to Vista SP2 Hyper-V information disclosure
[98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[98012] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98011] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98010] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98009] Microsoft Windows up to Vista SP2 Hyper-V privilege escalation
[98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch privilege escalation
[98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
[95126] Microsoft Windows Local Security Authority Subsystem Service privilege escalation
[94457] Microsoft Windows up to Vista SP2 Win32k privilege escalation
[94456] Microsoft Windows up to Vista SP2 PFB Font win32k.sys Data Processing Error
[94437] Microsoft Windows up to Vista SP2 Uniscribe LoadUvsTable Data Processing Error
[94436] Microsoft Windows 10 Graphics Data Processing Error
[94435] Microsoft Windows up to Vista SP2 Graphics Data Processing Error
[94434] Microsoft Windows GDI information disclosure
[93964] Microsoft Windows 7 Excel Starter 2010 XML External Entity
[93963] Microsoft Windows Authorization Manager msxml3.dll File information disclosure
[93962] Microsoft Windows 7 SP1 Event Viewer File information disclosure
[93954] Microsoft Windows 7 SP1 NFO File MSINFO32.EXE XML External Entity
[93953] Microsoft Windows Media Center 6.1.7600 MCL File ehshell.exe XML External Entity
[93602] Microsoft Windows 7/10 cmd.exe privilege escalation
[93419] Microsoft Windows up to Vista SP2 NTLM Password Change privilege escalation
[93418] Microsoft Windows up to Vista SP2 Local Security Authority Subsystem Service privilege escalation
[93390] Microsoft Windows up to Vista SP2 Open Type Font privilege escalation
[93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
[93387] Microsoft Windows up to Vista SP2 Open Type Font information disclosure
[93386] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control privilege escalation
[93383] Microsoft Windows up to Vista SP2 Image File Upload privilege escalation
[92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
[92595] Microsoft Windows 10 Diagnostics Hub privilege escalation
[92590] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92589] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92588] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
[92586] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92585] Microsoft Windows Vista SP2/7 SP1/8.1/RT 8.1/10 Video Control memory corruption
[92583] Microsoft Windows up to Vista SP2 True Type Font privilege escalation
[92582] Microsoft Windows up to Vista SP2 GDI+ privilege escalation
[92581] Microsoft Windows up to Vista SP2 Graphics privilege escalation
[92580] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[92579] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[92578] Microsoft Windows up to Vista SP2 GDI+ information disclosure
[92577] Microsoft Windows up to Vista SP2 True Type Font information disclosure
[91572] Microsoft Windows up to Vista Scripting Engine memory corruption
[91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91569] Microsoft Windows up to Vista privilege escalation
[91561] Microsoft Windows up to Vista Object memory corruption
[91560] Microsoft Windows 10 Object memory corruption
[91559] Microsoft Windows 8.1/10/RT 8.1 NTLM SSO privilege escalation
[91540] Microsoft Windows up to Vista GDI memory corruption
[91539] Microsoft Windows up to Vista GDI privilege escalation
[91538] Microsoft Windows up to Vista GDI 7PK Security Features
[91537] Microsoft Windows win32k.sys privilege escalation
[91536] Microsoft Windows up to Vista win32k.sys privilege escalation
[90934] Microsoft Windows 7/8.1 FON Font File win32k.sys denial of service
[90713] Microsoft Windows up to Vista SP2 NetBIOS privilege escalation
[90712] Microsoft Windows 10/10 1511 Universal Outlook information disclosure
[90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
[90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
[90709] Microsoft Windows up to Vista SP2 Kerberos privilege escalation
[90702] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90701] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90700] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90699] Microsoft Windows up to Vista SP2 Kernel-Mode Driver win32k privilege escalation
[90698] Microsoft Windows Graphics privilege escalation
[90697] Microsoft Windows Graphics privilege escalation
[90696] Microsoft Windows up to Vista SP2 Graphics privilege escalation
[90252] Microsoft Windows TCP/IP NetBios Helper Service information disclosure
[89605] Microsoft Windows NT 4.0/2000 Security Event Log denial of service
[89604] Microsoft Windows NT 4.0/2000 Application Event Log denial of service
[89571] Microsoft Windows IMAPI CD Burning COM privilege escalation
[89570] Microsoft Windows Netmeeting Remote Desktop Sharing privilege escalation
[89520] Microsoft Windows Terminal Services information disclosure
[89505] Microsoft Windows FTP Server privilege escalation
[89504] Microsoft Windows System Event Log privilege escalation
[89444] Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication
[89431] Microsoft Windows FAT32 Partition Driver information disclosure
[89417] Microsoft Windows RAS Connection weak encryption
[89413] Microsoft Windows Default Share privilege escalation
[89411] Microsoft Windows LanMan Hash weak authentication
[89389] Microsoft Windows Auto Update information disclosure
[89345] Microsoft Windows NetBIOS Shared Folder information disclosure
[89344] Microsoft Windows NetBIOS/SMB Authentication information disclosure
[89342] Microsoft Windows 95/98 LanMan Hash weak encryption
[89340] Microsoft Windows 95/98 SMB Service memory corruption
[89337] Microsoft Windows FTP Service denial of service
[89335] Microsoft Windows NetBIOS/CIFS weak encryption
[89303] Microsoft Windows Admin Account weak authentication
[89299] Microsoft Windows LanMan Authentication weak authentication
[89297] Microsoft Windows Startup Malware privilege escalation
[89295] Microsoft Windows Services information disclosure
[89294] Microsoft Windows Guest Account information disclosure
[89293] Microsoft Windows Guest Account unknown vulnerability
[89292] Microsoft Windows Guest Account Log information disclosure
[89290] Microsoft Windows Security Log denial of service
[89288] Microsoft Windows Winlogon privilege escalation
[89259] Microsoft Windows Patch MS04-002 privilege escalation
[89150] Microsoft Windows RAS weak encryption
[89051] Microsoft Windows up to Vista SP2 .NET Framework information disclosure
[89036] Microsoft Windows up to Vista SP2 Print Spooler ntprint.dll PSetupDownloadAndInstallLegacyDriver privilege escalation
[89035] Microsoft Windows up to Vista SP2 Print Spooler ntprint.dll PSetupDownloadAndInstallLegacyDriver 7PK Security Features
[89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[88883] Microsoft Windows VeriSign weak authentication
[88787] Microsoft Windows NT 4.0 RAS via PPP denial of service
[88786] Microsoft Windows NT 4.0 NetBIOS Over TCP privilege escalation
[88781] Microsoft Windows 2000 Active Directory Schema privilege escalation
[88775] Microsoft Windows XP Digitally Sign weak authentication
[88774] Microsoft Windows XP Digitally Sign weak authentication
[88773] Microsoft Windows XP Digitally Sign weak authentication
[88772] Microsoft Windows XP Session Key weak authentication
[88765] Microsoft Windows 2000/2000 SP1/2000 SP2 Service Pack 3 privilege escalation
[88763] Microsoft Windows Remote Data Services information disclosure
[88706] Microsoft Windows up to NT 3.51 SP4/4.0 SP5 RRAS denial of service
[88686] Microsoft Windows Locator Service information disclosure
[88675] Microsoft Windows information disclosure
[88670] Microsoft Windows Password Filter privilege escalation
[88664] Microsoft Windows NT 4.0 TCP/IP Security privilege escalation
[88658] Microsoft Windows NT 4.0 Device Driver privilege escalation
[88657] Microsoft Windows NT 4.0/2000 DHCP Server information disclosure
[88655] Microsoft Windows 2000 DNS Server privilege escalation
[88649] Microsoft Windows information disclosure
[88644] Microsoft Windows 2000 Active Directory Kerberos Ticket Logging privilege escalation
[88630] Microsoft Windows Registry Permission privilege escalation
[88598] Microsoft Windows NT 4.0/2000 privilege escalation
[88438] Microsoft Windows 95/98 ICMP denial of service
[88319] Microsoft Windows NT 4.0 File Protection privilege escalation
[88316] Microsoft Windows privilege escalation
[88313] Microsoft Windows W32/Deloder Worm privilege escalation
[88311] Microsoft Windows UPnP TCP Helper information disclosure
[88285] Microsoft Windows CIS information disclosure
[88283] Microsoft Windows Terminal Services/Citrix Server weak authentication
[88281] Microsoft Windows SvcOpenSCManager information disclosure
[88280] Microsoft Windows DCE/RPC information disclosure
[88276] Microsoft Windows shlwapi.dll denial of service
[88269] Microsoft Windows Registry Password information disclosure
[88268] Microsoft Windows information disclosure
[88266] Microsoft Windows information disclosure
[88265] Microsoft Windows information disclosure
[88264] Microsoft Windows User information disclosure
[88253] Microsoft Windows SMB Server privilege escalation
[88251] Microsoft Windows Guest Account privilege escalation
[88240] Microsoft Windows NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 SNMP GET unknown vulnerability
[88236] Microsoft Windows NT 4.0/2000/Server 2003/XP SNMP WINS privilege escalation
[88210] Microsoft Windows Secure Site weak encryption
[88199] Microsoft Windows NT 4.0 Ssping teardrop2 Patch denial of service
[88198] Microsoft Windows DNS Server privilege escalation
[88196] Microsoft Windows Force Shutdown from a Remote System Privilege privilege escalation
[88195] Microsoft Windows Modify Firmware Environment Values Privilege privilege escalation
[88194] Microsoft Windows Debug Programs Privilege privilege escalation
[88193] Microsoft Windows Restore Files/Directories Privilege privilege escalation
[88192] Microsoft Windows Backup Files/Directories Privilege privilege escalation
[88191] Microsoft Windows Create a Pagefile Privilege privilege escalation
[88190] Microsoft Windows Increase Scheduling Priority Privilege privilege escalation
[88188] Microsoft Windows Profile Single Process Privilege privilege escalation
[88187] Microsoft Windows Change the System Time Privilege privilege escalation
[88186] Microsoft Windows Create Permanent Shared Objects Privilege privilege escalation
[88185] Microsoft Windows Profile System Performance Privilege privilege escalation
[88184] Microsoft Windows Act as Part of the Operating System Privilege privilege escalation
[88183] Microsoft Windows Increase Quotas Privilege privilege escalation
[88182] Microsoft Windows Load/Unload Device Drivers Privilege privilege escalation
[88181] Microsoft Windows Lock Pages in Memory Privilege privilege escalation
[88179] Microsoft Windows Protocol information disclosure
[88178] Microsoft Windows Network Interface information disclosure
[88173] Microsoft Windows rsh TCP Sequence privilege escalation
[88172] Microsoft Windows Service Unknown information disclosure
[88171] Microsoft Windows Registry File Association privilege escalation
[88159] Microsoft Windows Remote Access Service information disclosure
[88157] Microsoft Windows 2000/NT Password Policy weak authentication
[88155] Microsoft Windows 2000/NT/XP LAN Manager weak encryption
[88154] Microsoft Windows 2000/NT Username information disclosure
[88153] Microsoft Windows 2000/NT information disclosure
[88152] Microsoft Windows NetBIOS privilege escalation
[88151] Microsoft Windows Registry privilege escalation
[88150] Microsoft Windows NT Share information disclosure
[87961] Microsoft Windows up to Server 2012 R2 Search privilege escalation
[87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory privilege escalation
[87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
[87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87952] Microsoft Windows 10/10 1511 Diagnostic Hub Data Processing Error
[87951] Microsoft Windows up to Vista SP2 WPAD Data Processing Error
[87950] Microsoft Windows up to Vista SP2 WPAD privilege escalation
[87949] Microsoft Windows Netlogon privilege escalation
[87948] Microsoft Windows up to Vista SP2 SMB Server privilege escalation
[87947] Microsoft Windows up to Vista SP2 Adobe Type Manager Font Driver atmfd.dll privilege escalation
[87946] Microsoft Windows 10 Kernel win32k.sys privilege escalation
[87945] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
[87943] Microsoft Windows up to Vista SP2 Kernel win32k.sys privilege escalation
[87942] Microsoft Windows up to Vista SP2 Kernel win32k.sys privilege escalation
[87941] Microsoft Windows up to Vista SP2 Group Policy privilege escalation
[87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server memory corruption
[87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation
[87167] Microsoft Windows up to Vista SP2 DirectX Graphics Kernel Subsystem privilege escalation
[87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
[87165] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87164] Microsoft Windows up to Vista SP2 win32k.sys information disclosure
[87163] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87162] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87161] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[87160] Microsoft Windows up to Vista SP2 RPC Network Data Representation Engine privilege escalation
[87158] Microsoft Windows Vista SP2/7 SP1/8.1 Media Center privilege escalation
[87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell privilege escalation
[87155] Microsoft Windows Vista SP2/7/8.1/RT 8.1/10 Journal privilege escalation
[87154] Microsoft Windows up to Vista SP2 Imaging memory corruption
[87153] Microsoft Windows up to Vista SP2 Direct3D memory corruption
[87152] Microsoft Windows up to Vista SP2 Graphics Component privilege escalation
[87151] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87150] Microsoft Windows up to Vista SP2 Graphics Component information disclosure
[87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
[83151] Microsoft Windows EMF File GetEnhMetaFilePaletteEntries denial of service
[82236] Microsoft Windows up to Vista SP2 OLE privilege escalation
[82234] Microsoft Windows 10 HTTP.sys Data Processing Error
[82231] Microsoft Windows up to Vista SP2 Font Library memory corruption
[82226] Microsoft Windows up to Vista SP2 SAM/LSAD Badlock 7PK Security Features
[82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
[82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
[82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
[81899] Microsoft Windows Media Services privilege escalation
[81837] Microsoft Windows NT 4.0 SynAttackProtect denial of service
[81815] Microsoft Windows NT 3.51/NT 4.0 Registry privilege escalation
[81814] Microsoft Windows Telnet weak encryption
[81813] Microsoft Windows XP weak encryption
[81812] Microsoft Windows XP Network Client Feature weak authentication
[81801] Microsoft Windows Logon Hours privilege escalation
[81798] Microsoft Windows XP Remote Desktop information disclosure
[81788] Microsoft Windows privilege escalation
[81719] Microsoft Windows privilege escalation
[81718] Microsoft Windows 4.0/4.0 SP1/4.0 SP2/4.0 SP3 Service Pack Patches privilege escalation
[81685] Microsoft Windows Guest Account privilege escalation
[81284] Microsoft Windows up to Vista SP2 .NET Framework privilege escalation
[81283] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81282] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81281] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81280] Microsoft Windows up to Vista SP2 Kernel Mode Driver win32k.sys privilege escalation
[81279] Microsoft Windows up to Vista SP2 USB Mass Storage Class Driver privilege escalation
[81277] Microsoft Windows privilege escalation
[81276] Microsoft Windows up to Vista SP2 OLE privilege escalation
[81275] Microsoft Windows up to Vista SP2 OLE privilege escalation
[81271] Microsoft Windows 10 PDF Library privilege escalation
[81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library privilege escalation
[81269] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[81268] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[81267] Microsoft Windows up to Vista SP2 OpenType Font privilege escalation
[81266] Microsoft Windows up to Vista SP2 OpenType Font privilege escalation
[81265] Microsoft Windows Server 2008/Vista SP2 Library Loader privilege escalation
[80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80879] Microsoft Windows Network Policy Server RADIUS privilege escalation
[80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service privilege escalation
[80877] Microsoft Windows up to Vista SP2 Forms information disclosure
[80876] Microsoft Windows up to Vista SP2 .NET Framework privilege escalation
[80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80866] Microsoft Windows up to Vista SP2 DLL Loader privilege escalation
[80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader privilege escalation
[80864] Microsoft Windows up to Vista DLL Loader privilege escalation
[80863] Microsoft Windows up to Vista DLL Loader privilege escalation
[80861] Microsoft Windows up to Vista SP2 Journal memory corruption
[80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader privilege escalation
[80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
[80223] Microsoft Windows 10/1511 RDP Service 7PK Security Features
[80220] Microsoft Windows up to Vista SP2 DirectShow memory corruption
[80215] Microsoft Windows up to Vista SP2 win32k.sys privilege escalation
[80214] Microsoft Windows up to Vista SP2 Graphics Device Interface GDI32.dll information disclosure
[80213] Microsoft Windows up to Vista SP2 Sandbox privilege escalation
[80212] Microsoft Windows up to Vista SP2 Sandbox privilege escalation
[79515] Microsoft Windows 10 Kernel privilege escalation
[79514] Microsoft Windows up to Vista Kernel privilege escalation
[79513] Microsoft Windows up to Vista Kernel privilege escalation
[79512] Microsoft Windows up to Vista Kernel privilege escalation
[79511] Microsoft Windows Vista/7/8/8.1 Media Center privilege escalation
[79510] Microsoft Windows Vista/7/8/8.1 Media Center information disclosure
[79509] Microsoft Windows up to Vista PGM race condition
[79508] Microsoft Windows up to Server 2012 R2 Library Loader privilege escalation
[79507] Microsoft Windows up to Vista Library Loader privilege escalation
[79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader privilege escalation
[79499] Microsoft Windows 7/Server 2008 R2 Uniscribe Numeric Error
[79495] Microsoft Windows up to Vista Graphics memory corruption
[79494] Microsoft Windows up to Vista Graphics memory corruption
[79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
[79492] Microsoft Windows DNS memory corruption
[79191] Microsoft Windows Journal memory corruption
[79184] Microsoft Windows up to Vista TLS Schannel privilege escalation
[79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
[79182] Microsoft Windows up to Vista Winsock privilege escalation
[79174] Microsoft Windows up to Vista Kernel 7PK Security Features
[79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
[79172] Microsoft Windows up to Vista Graphics privilege escalation
[79171] Microsoft Windows up to Vista Graphics privilege escalation
[79170] Microsoft Windows up to Vista Kernel information disclosure
[79169] Microsoft Windows up to Vista Kernel privilege escalation
[79168] Microsoft Windows up to Vista Kernel 7PK Security Features
[79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
[78364] Microsoft Windows 7 SP1/Vista SP2 Shell memory corruption
[78363] Microsoft Windows up to Vista SP2 Shell memory corruption
[77640] Microsoft Windows Active Directory Code
[77636] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77625] Microsoft Windows up to Vista SP2 Journal File Numeric Error
[77622] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77621] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77620] Microsoft Windows up to Vista SP2 Journal File privilege escalation
[77616] Microsoft Windows Vista SP2/7 SP1/8/8.1 Windows Media Center privilege escalation
[77613] Microsoft Windows up to Vista SP2 Adobe Type Manager Library atmfd.dll privilege escalation
[77042] Microsoft Windows up to Vista Filesystem privilege escalation
[77041] Microsoft Windows up to Vista Registry privilege escalation
[77040] Microsoft Windows up to Vista Object Manager privilege escalation
[77039] Microsoft Windows up to Vista WebDAV SSL weak encryption
[77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
[77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
[77035] Microsoft Windows up to Vista Server Message Block memory corruption
[77034] Microsoft Windows up to Vista Remote Desktop Session Host privilege escalation
[77033] Microsoft Windows up to Vista Remote Desktop Session Host privilege escalation
[77032] Microsoft Windows up to Vista XML Core Services weak encryption
[77031] Microsoft Windows up to Vista XML Core Services information disclosure
[77030] Microsoft Windows up to Vista XML Core Services weak encryption
[77029] Microsoft Windows up to Vista Shell Security Feature privilege escalation
[77028] Microsoft Windows up to Vista KMD Security Feature privilege escalation
[77027] Microsoft Windows up to Vista CSRSS privilege escalation
[77026] Microsoft Windows up to Vista ASLR information disclosure
[77025] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77024] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77023] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77022] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77021] Microsoft Windows up to Vista TrueType Font Parser privilege escalation
[77020] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77019] Microsoft Windows up to Vista OpenType Font Parser Code
[77018] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77017] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77016] Microsoft Windows up to Vista OpenType Font Parser privilege escalation
[77015] Microsoft Windows up to Vista OpenType Font Parser Data Processing Error
[76756] Microsoft Windows up to Vista SP2 Adobe Type Manager Library atmfd.dll memory corruption
[76493] Microsoft Windows up to Vista SP2 OLE privilege escalation
[76492] Microsoft Windows up to Vista SP2 OLE privilege escalation
[76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
[76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service Data Processing Error
[76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V 7PK Security Features
[76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
[75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
[75782] Microsoft Windows up to Vista Common Controls memory corruption
[75760] Microsoft Windows Media Player 10/11/12 DataObject Code
[75335] Microsoft Windows up to Vista SP2 Service Control Manager privilege escalation
[75328] Microsoft Windows up to Vista Management Console memory corruption
[75327] Microsoft Windows up to Vista SP2 Schannel weak encryption
[75304] Microsoft Windows up to Vista SP2 TrueType Font Parser Data Processing Error
[75303] Microsoft Windows up to Vista SP2 OpenType Font Parser information disclosure
[75285] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75284] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75283] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75282] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75281] Microsoft Windows up to Vista SP2 Journal privilege escalation
[75280] Microsoft Windows up to Vista SP2 Journal privilege escalation
[74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V privilege escalation
[74840] Microsoft Windows up to Vista EMF File privilege escalation
[74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
[74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
[74104] Microsoft Windows up to Vista Digital Certificate weak authentication
[74022] Microsoft Windows up to Vista Certificate weak authentication
[73972] Microsoft Windows up to Vista SP2 PNG Parser information disclosure
[73963] Microsoft Windows up to Vista SP2 Photo Decoder information disclosure
[73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
[73960] Microsoft Windows Netlogon Service User 7PK Security Features
[73959] Microsoft Windows up to Vista SP2 DLL Data Processing Error
[73958] Microsoft Windows up to Vista SP2 Text Services Data Processing Error
[73957] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73956] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73955] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73954] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73953] Microsoft Windows up to Vista Adobe Font Driver information disclosure
[73952] Microsoft Windows up to Vista Adobe Font Driver privilege escalation
[73951] Microsoft Windows up to Vista Adobe Font Driver information disclosure
[73950] Microsoft Windows up to Vista Adobe Font Driver memory corruption
[73938] Microsoft Windows VBScript Scripting Engine denial of service
[69258] Microsoft Windows up to Vista Secure Channel FREAK weak encryption
[69161] Microsoft Windows up to Vista information disclosure
[69160] Microsoft Windows up to Server 2012 Process privilege escalation
[69159] Microsoft Windows up to Vista Group Policy 7PK Security Features
[69154] Microsoft Windows up to Vista Group Policy weak authentication
[69153] Microsoft Windows up to Vista Font Mapper win32k.sys privilege escalation
[69152] Microsoft Windows up to Vista True Type Font win32k.sys privilege escalation
[69151] Microsoft Windows up to Vista Kernel-Mode Driver win32k.sys memory corruption
[69150] Microsoft Windows up to Vista win32k.sys privilege escalation
[69149] Microsoft Windows up to Vista Cryptography Next Generation cng.sys information disclosure
[69148] Microsoft Windows up to Vista Win32k.sys privilege escalation
[68596] Microsoft Windows Internet Authentication Service denial of service
[68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
[68590] Microsoft Windows up to Vista TS WebProxy directory traversal
[68589] Microsoft Windows up to Vista Telnet Server memory corruption
[66827] Microsoft Windows Media Player 11.0.5721.5230 memory corruption
[66445] Microsoft Windows 8.0/8.1 XMLDOM ActiveX Control privilege escalation
[65723] Microsoft Windows Authenticode WinVerifyTrust privilege escalation
[62913] Microsoft Windows up to XP SP3 Shell Numeric Error
[61648] Microsoft Windows XP privilege escalation
[60245] Microsoft Windows unknown vulnerability
[60209] Microsoft Windows msvcrt.dll memory corruption
[60065] Microsoft Windows 2000 mod_sql information disclosure
[59391] Microsoft Windows memory corruption
[59006] Microsoft Windows Media Center TV Pack memory corruption
[59004] Microsoft Windows memory corruption
[58991] Microsoft Windows XP memory corruption
[58238] Microsoft Windows Data Access Components memory corruption
[58236] Microsoft Windows TCP/IP Stack denial of service
[57812] Microsoft Windows XP lots-of-polys-example.html privilege escalation
[57692] Microsoft Windows XP denial of service
[57085] Microsoft Windows msgsc.dll memory corruption
[57080] Microsoft Windows privilege escalation
[57014] Microsoft Windows Default Configuration
[56779] Microsoft Windows Stream Buffer Engine SBE.dll privilege escalation
[56598] Microsoft Windows Azure Sdk up to 1.2 privilege escalation
[56383] Microsoft Windows privilege escalation
[56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
[55937] Microsoft Windows XP denial of service
[55777] Microsoft Windows Movie Maker 2.6 memory corruption
[55776] Microsoft Windows memory corruption
[55775] Microsoft Windows Media Encoder 9 memory corruption
[54982] Microsoft Windows 7/Vista SP2 denial of service
[54981] Microsoft Windows R2 privilege escalation
[54718] Microsoft Windows up to XP SP3 Print Spooler EmeraldThread privilege escalation
[54717] Microsoft Windows privilege escalation
[54555] Microsoft Windows 6.00.2900.5512 wab.exe memory corruption
[54553] Microsoft Windows sdclt.exe weak encryption
[54552] Microsoft Windows smmscrpt.dll memory corruption
[54551] Microsoft Windows contact memory corruption
[54547] Microsoft Windows grpconv.exe memory corruption
[54342] Microsoft Windows privilege escalation
[54341] Microsoft Windows Movie Maker 2.1 privilege escalation
[54334] Microsoft Windows privilege escalation
[54333] Microsoft Windows denial of service
[54332] Microsoft Windows privilege escalation
[53591] Microsoft Windows Server 2003 GetServerName cross site scripting
[53511] Microsoft Windows privilege escalation
[53207] Microsoft Windows Graphics Driver cdd.dll Numeric Error
[53104] Microsoft Windows smtpsvc.dll privilege escalation
[53103] Microsoft Windows smtpsvc.dll weak encryption
[52780] Microsoft Windows cabview.dll privilege escalation
[52776] Microsoft Windows SMB Client denial of service
[52775] Microsoft Windows denial of service
[52774] Microsoft Windows SMB Client privilege escalation
[52753] Microsoft Windows information disclosure
[52336] Microsoft Windows denial of service
[52283] Microsoft Windows Media Player 11.0.5721.5145 memory corruption
[52036] Microsoft Windows 2000 MsgBox memory corruption
[51997] Microsoft Windows Media Player 9 memory corruption
[51811] Microsoft Windows max3activex.dll privilege escalation
[51809] Microsoft Windows denial of service
[51808] Microsoft Windows privilege escalation
[51807] Microsoft Windows privilege escalation
[51806] Microsoft Windows privilege escalation
[51804] Microsoft Windows weak encryption
[51803] Microsoft Windows denial of service
[51796] Microsoft Windows privilege escalation
[51795] Microsoft Windows race condition
[51794] Microsoft Windows privilege escalation
[51793] Microsoft Windows race condition
[51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
[51135] Microsoft Windows ir32_32.dll memory corruption
[51134] Microsoft Windows privilege escalation
[51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 privilege escalation
[51132] Microsoft Windows memory corruption
[51128] Microsoft Windows privilege escalation
[51078] Microsoft Windows denial of service
[51077] Microsoft Windows privilege escalation
[51076] Microsoft Windows denial of service
[51075] Microsoft Windows privilege escalation
[51073] Microsoft Windows weak authentication
[50811] Microsoft Windows denial of service
[50786] Microsoft Windows 2000 llssrv.exe memory corruption
[50785] Microsoft Windows privilege escalation
[50783] Microsoft Windows privilege escalation
[50451] Microsoft Windows GDI+ Numeric Error
[50449] Microsoft Windows EducatedScholar privilege escalation
[50448] Microsoft Windows privilege escalation
[50447] Microsoft Windows privilege escalation
[50446] Microsoft Windows Media Player 6.4 memory corruption
[50445] Microsoft Windows EducatedScholar denial of service
[50444] Microsoft Windows Local Security Authority Subsystem Service Numeric Error
[50439] Microsoft Windows Numeric Error
[50438] Microsoft Windows weak encryption
[50431] Microsoft Windows privilege escalation
[50430] Microsoft Windows privilege escalation
[50429] Microsoft Windows privilege escalation
[49866] Microsoft Windows Server 2003 privilege escalation
[49745] Microsoft Windows Server 2003 denial of service
[49434] Microsoft Windows 7 denial of service
[49394] Microsoft Windows Server 2003 privilege escalation
[49393] Microsoft Windows privilege escalation
[49392] Microsoft Windows memory corruption
[49391] Microsoft Windows Avifil32.dll Numeric Error
[49046] Microsoft Windows Server 2003 quartz.dll privilege escalation
[49045] Microsoft Windows Server 2003 quartz.dll privilege escalation
[48894] Microsoft Windows Server 2003 msvidctl.dll privilege escalation
[48517] Microsoft Windows 2000 denial of service
[48516] Microsoft Windows Server 2008 privilege escalation
[48513] Microsoft Windows Search 4.0 cross site scripting
[48512] Microsoft Windows Server 2008 privilege escalation
[48033] Microsoft Windows XP denial of service
[47804] Microsoft Windows Media Player 11.0.5721.5260 Numeric Error
[47719] Microsoft Windows 2000 memory corruption
[47717] Microsoft Windows privilege escalation
[47715] Microsoft Windows 2000 Wordpad memory corruption
[47465] Microsoft Windows GDI+ gdiplus.dll GpFont::SetData Numeric Error
[47464] Microsoft Windows unlzh.c memory corruption
[47091] Microsoft Windows Server 2008 privilege escalation
[47090] Microsoft Windows Server 2008 privilege escalation
[47089] Microsoft Windows weak authentication
[46637] Microsoft Windows DNS Server denial of service
[46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe privilege escalation
[46007] Microsoft Windows Mobile 6.0 FTP Service directory traversal
[45911] Microsoft Windows Domain Controller privilege escalation
[45907] Microsoft Windows XP chm memory corruption
[45905] Microsoft Windows privilege escalation
[45904] Microsoft Windows memory corruption
[45763] Microsoft Windows Live Messenger up to 8.5.1 information disclosure
[45676] Microsoft Windows Media Player 9 quartz.dll Numeric Error
[45381] Microsoft Windows Server 2008/Vista SP1 Explorer denial of service
[45380] Microsoft Windows Server 2008/Vista SP1 Search denial of service
[45378] Microsoft Windows Media Player up to 6.4 information disclosure
[45377] Microsoft Windows Media Format Runtime up to 9.5 privilege escalation
[45197] Microsoft Windows 2000 nskey.dll memory corruption
[45129] Microsoft Windows Live Messenger denial of service
[45063] Microsoft Windows Server 2003 Active Directory information disclosure
[44860] Microsoft Windows Media Player up to 9 privilege escalation
[44533] Microsoft Windows 2000 mqsvc.exe privilege escalation
[44249] Microsoft Windows XP SP3 gdiplus.dll Numeric Error
[44246] Microsoft Windows XP SP3 denial of service
[44227] Microsoft Windows Mobile 6.0 Bluetooth privilege escalation
[44069] Microsoft Windows denial of service
[43982] Microsoft Windows Image Acquisition Logger ActiveX Control privilege escalation
[43953] Microsoft Windows ActiveX Control wmex.dll memory corruption
[43676] Microsoft Windows 2000/Server 2003/Vista/XP privilege escalation
[43675] Microsoft Windows 2000/Server 2003/Vista/XP of privilege escalation
[43659] Microsoft Windows Messenger 5.1 ActiveX Control information disclosure
[43658] Microsoft Windows XP SP2 nslookup.exe privilege escalation
[43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS unknown vulnerability
[42732] Microsoft Windows Server 2003/Vista/XP privilege escalation
[42731] Microsoft Windows Server 2003 privilege escalation
[42638] Microsoft Windows Installer 3.1.4000.1823 ActiveX Control msiexec.exe memory corruption
[42328] Microsoft Windows Live Onecare 1.1.3520.0 Malware Protection Engine mpengine.dll denial of service
[42327] Microsoft Windows Live Onecare 1.1.3520.0 Malware Protection Engine mpengine.dll denial of service
[41879] Microsoft Windows 2000/Server 2003/Vista memory corruption
[41878] Microsoft Windows 2000/Server 2003/Vista weak authentication
[41877] Microsoft Windows Server 2003 vbscript.dll privilege escalation
[41656] Microsoft Windows privilege escalation
[40987] Microsoft Windows 2000 privilege escalation
[40986] Microsoft Windows Vista denial of service
[40416] Microsoft Windows XP memory corruption
[39937] Microsoft Windows Media Player 11 Numeric Error
[39769] Microsoft Windows 2000 cryptgenrandom information disclosure
[39749] Microsoft Windows 2000 msjet40.dll memory corruption
[39655] Microsoft Windows Server 2003 Configuration
[39324] Microsoft Windows Mobile 2005 SMS privilege escalation
[39013] Microsoft Windows XP explorer.exe memory corruption
[39012] Microsoft Windows Live Messenger up to 8.1 doc memory corruption
[38999] Microsoft Windows Server 2003 explorer.exe denial of service
[38962] Microsoft Windows Media Player 9 privilege escalation
[38332] Microsoft Windows Gadgets memory corruption
[38329] Microsoft Windows cross site scripting
[38328] Microsoft Windows memory corruption
[38326] Microsoft Windows 2000 attemptwrite Numeric Error
[38272] Microsoft Windows Media Player 11 wmplayer.exe denial of service
[38246] Microsoft Windows denial of service
[37736] Microsoft Windows Vista unknown vulnerability
[37526] Microsoft Windows 2000/Server 2003 denial of service
[37251] Microsoft Windows 2000 memory corruption
[37157] Microsoft Windows XP Graphics Device Interface gdiplus.dll denial of service
[37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
[36515] Microsoft Windows 2000/Server 2003/XP memory corruption
[36086] Microsoft Windows XP SP1 BMP Image Integer Coercion Error
[36052] Microsoft Windows 2000 memory corruption
[36002] Microsoft Windows 2000/XP denial of service
[35900] Microsoft Windows up to Vista GDI memory corruption
[35846] Microsoft Windows 2000/Server 2003 Default Configuration
[35822] Microsoft Windows Proxy Server denial of service
[35708] Microsoft Windows Vista Teredo Address privilege escalation
[35707] Microsoft Windows Vista Meeting Space dfsr.exe unknown vulnerability
[35706] Microsoft Windows Vista weak authentication
[35705] Microsoft Windows Vista weak authentication
[35704] Microsoft Windows Vista/XP ARP denial of service
[35703] Microsoft Windows Vista LLTD Mapper denial of service
[35702] Microsoft Windows Vista LLTD Responder weak authentication
[35701] Microsoft Windows Vista LLTD Mapper weak authentication
[35700] Microsoft Windows Vista LLTD Mapper weak authentication
[35654] Microsoft Windows XP winmm.dll mmioread denial of service
[35514] Microsoft Windows Explorer ole32.dll memory corruption
[35206] Microsoft Windows Server 2003/XP denial of service
[34994] Microsoft Windows 2000 OLE Dialog memory corruption
[34967] Microsoft Windows Mobile 5.0 denial of service
[34804] Microsoft Windows Mobile 5.0 memory corruption
[34794] Microsoft Windows Vista Speech Recognition sapi.dll privilege escalation
[34793] Microsoft Windows Mobile 5.0 denial of service
[34690] Microsoft Windows Explorer 6.0.2900.2180 explorer.exe denial of service
[34207] Microsoft Windows Mobile Pocket PC Bluetooth Stack unknown vulnerability
[34206] Microsoft Windows Bluetooth Stack unknown vulnerability
[34038] Microsoft Windows Event Viewer eventvwr.exe unknown vulnerability
[33890] Microsoft Windows XP SP2 Explorer explorer.exe denial of service
[33889] Microsoft Windows Media Player 10.00.00.4036 denial of service
[33795] Microsoft Windows Media Player 6.4 memory corruption
[33589] Microsoft Windows Live Messenger up to 8.0 denial of service
[32899] Microsoft Windows Digital Rights Management drmstor.dll storelicense memory corruption
[32694] Microsoft Windows 2000 privilege escalation
[31797] Microsoft Windows File Viewer winhlp32.exe memory corruption
[31736] Microsoft Windows XP gdiplus.dll denial of service
[31521] Microsoft Windows NT 4.0/2000/XP IP Stack denial of service
[31236] Microsoft Windows information disclosure
[31133] Microsoft Windows Server 2003/XP explorer.exe memory corruption
[31024] Microsoft Windows Live Messenger 8.0 memory corruption
[30801] Microsoft Windows up to 2000 Connection Manager memory corruption
[30799] Microsoft Windows 98/ME Rendering Engine polypolygon Numeric Error
[30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator denial of service
[29471] Microsoft Windows Help winhlp32.exe memory corruption
[29383] Microsoft Windows XP unknown vulnerability
[28987] Microsoft Windows NT 4.0/2000/Server 2003 Default Configuration denial of service
[28452] Microsoft Windows 2000/Server 2003/XP unknown vulnerability
[28254] Microsoft Windows 2000 Rendering Engine extescape denial of service
[27519] Microsoft Windows Server 2003/XP mshtml.dll denial of service
[27224] Microsoft Windows up to 1999 denial of service
[27160] Microsoft Windows 2000/XP Rendering Engine gdi32.dll memory corruption
[26923] Microsoft Windows XP Administrator Account unknown vulnerability
[26618] Microsoft Windows 2000/XP Subsystem memory corruption
[26535] Microsoft Windows Distributed Transaction Coordinator msdtcprx.dll ndrallocate privilege escalation
[26534] Microsoft Windows denial of service
[26523] Microsoft Windows 95/98/ME/NT 4.0 Terminal Service unknown vulnerability
[26519] Microsoft Windows 95/98/ME/NT 4.0 Chart widechartomultibyte memory corruption
[26517] Microsoft Windows 95/98/ME/NT 4.0 Certificates unknown vulnerability
[26516] Microsoft Windows 95/98/ME/NT 4.0 Active Directory unknown vulnerability
[26515] Microsoft Windows 95/98/ME/NT 4.0 Access Control List unknown vulnerability
[25708] Microsoft Windows unknown vulnerability
[25515] Microsoft Windows orun32.exe memory corruption
[25513] Microsoft Windows XP Services for UNIX unknown vulnerability
[25509] Microsoft Windows msasn1.dll memory corruption
[25400] Microsoft Windows 98SE user32.dll denial of service
[25399] Microsoft Windows XP denial of service
[25256] Microsoft Windows XP denial of service
[25185] Microsoft Windows Media Player ME unknown vulnerability
[24907] Microsoft Windows 2000 TCP/IP Stack denial of service
[24746] Microsoft Windows 2000/ME Explorer denial of service
[24283] Microsoft Windows 2000/Server 2003/XP memory corruption
[24252] Microsoft Windows 2000/NT memory corruption
[23410] Microsoft Windows XP Utility Manager denial of service
[22675] Microsoft Windows winhlp32.exe memory corruption
[22602] Microsoft Windows 2000/NT BASE winhlp32.exe memory corruption
[22560] Microsoft Windows Media Player 9.0 getiteminfobyatom unknown vulnerability
[68403] Microsoft Windows up to Vista information disclosure
[68239] Microsoft Windows up to Vista Kerberos KDC EsikmoRoll privilege escalation
[68196] Microsoft Windows up to Vista TrueType Array Index denial of service
[68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor privilege escalation
[68192] Microsoft Windows up to Vista Remote Desktop Protocol weak authentication
[68190] Microsoft Windows up to Vista Audio Service privilege escalation
[68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack privilege escalation
[68184] Microsoft Windows up to Vista privilege escalation
[68183] Microsoft Windows up to Vista Schannel privilege escalation
[68165] Microsoft Windows up to XP OLE Automation Array OleAut32.dll SafeArrayDimen privilege escalation
[68045] Microsoft Windows up to Vista SP2 OLE privilege escalation
[67827] Microsoft Windows up to Vista win32k.sys privilege escalation
[67826] Microsoft Windows up to Vista TrueType Font win32k.sys privilege escalation
[67822] Microsoft Windows up to Vista OLE Object Packager packager.dll privilege escalation
[67806] Microsoft Windows up to Vista TrueType Font privilege escalation
[67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call denial of service
[67326] Microsoft Windows Media Center MCPlayer.dll CSyncBasePlayer denial of service
[67030] Microsoft Windows up to Vista Certificates weak authentication
[67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus denial of service
[66987] Microsoft Windows up to Vista Journal Parser privilege escalation
[22011] Microsoft Windows Server 2003 idirectplay4 API denial of service
[21967] Microsoft Windows 2000/ME Media Player cross site scripting
[21926] Microsoft Windows XP Help Center HelpCtr.exe unknown vulnerability
[21899] Microsoft Windows Server 2003/XP Help/Support Center dvdupgrd.htm memory corruption
[21876] Microsoft Windows 98/2000/Server 2003/XP H.323 memory corruption
[21873] Microsoft Windows ME/XP/NT 4.0/2000/Server 2003 memory corruption
[21751] Microsoft Windows Media Services 4.1 TCP/IP Packet denial of service
[21548] Microsoft Windows Media Player 9/ME PNG Image memory corruption
[21476] Microsoft Windows 2000 Message Queue Manager memory corruption
[21448] Microsoft Windows up to 2000 SP3/XP Terminal Service msgina.dll denial of service
[21095] Microsoft Windows up to 2000 SP3 SMTP Service denial of service
[20978] Microsoft Windows Server 2003 Shell Link directory traversal
[20961] Microsoft Windows up to 2000 SP4 Troubleshooter ActiveX Control Tshoot.ocx RunQuery2 memory corruption
[20960] Microsoft Windows up to Server 2003 Authenticode privilege escalation
[20815] Microsoft Windows Distributed Component Object Model Interface memory corruption
[20770] Microsoft Windows Media Player 7/8 IFRAME Tag privilege escalation
[20662] Microsoft Windows up to 2000 SP3 shell32.dll ShellExecute memory corruption
[20485] Microsoft Windows NT 4.0/2000 Media Services nsiislog.dll memory corruption
[20307] Microsoft Windows NT 4.0/2000/XP RPC Endpoint Mapper denial of service
[20213] Microsoft Windows 2000 Script Engine for JScript JScript.dll JsArrayFunctionHeapSort Integer Coercion Error
[20182] Microsoft Windows ME Help/Support Center cross site scripting
[20108] Microsoft Windows NT 4.0/2000/XP Terminal Server memory corruption
[19970] Microsoft Windows 2000 Active Directory privilege escalation
[19759] Microsoft Windows XP ISAKMP Service denial of service
[19719] Microsoft Windows up to 2000 SP2 DCOM Client information disclosure
[19574] Microsoft Windows 2000/XP Log Size denial of service
[19490] Microsoft Windows Media Player up to 7.1 MP3 File Name mplay32.exe memory corruption
[19355] Microsoft Windows 2000 TCP Packet denial of service
[19315] Microsoft Windows XP Internet Explorer 6.0 privilege escalation
[19261] Microsoft Windows XP Shell memory corruption
[19231] Microsoft Windows XP Domain Controller unknown vulnerability
[19194] Microsoft Windows 98/NT 4.0 Certificate weak authentication
[19105] Microsoft Windows 2000/XP PPTP Service memory corruption
[19082] Microsoft Windows 2000 SP2 SNMP LAN Manager denial of service
[19063] Microsoft Windows NT 4.0/2000/XP Sun RPC Library Services denial of service
[19062] Microsoft Windows NT 4.0/2000/XP Sun RPC Library Services denial of service
[19061] Microsoft Windows 98/ME/XP ZIP Archive privilege escalation
[19054] Microsoft Windows 2000/XP RDP denial of service
[19053] Microsoft Windows 2000/XP RDP weak encryption
[19043] Microsoft Windows NT 4.0/2000/XP CHM File memory corruption
[19042] Microsoft Windows NT 4.0/2000/XP HTML Help ActiveX Control hhctrl.ocx alink memory corruption
[18814] Microsoft Windows 98/98SE/ME/XP Crypto API weak authentication
[18810] Microsoft Windows up to XP Certificate Enrollment ActiveX Control unknown vulnerability
[18782] Microsoft Windows XP Help/Support Center uplddrvinfo.htm File denial of service
[18772] Microsoft Windows NT 4.0/2000 SMB memory corruption
[18709] Microsoft Windows HTML Help ActiveX Control Winhlp32.exe memory corruption
[18537] Microsoft Outlook 2002 Windows Media Player player.launchurl cross site scripting
[18464] Microsoft Windows 2000 Terminal Server privilege escalation
[18395] Microsoft Windows Media Player 7.1 information disclosure
[18351] Microsoft Windows Media Player 6.4/7.1 WMA Media File privilege escalation
[18325] Microsoft Windows Media Player 8.00.00.4477 WMF File privilege escalation
[18276] Microsoft Windows 2000 LANMAN Service denial of service
[18214] Microsoft Windows XP TCP SYN denial of service
[18130] Microsoft Windows 2000 denial of service
[17973] Microsoft Windows 2000 Shell memory corruption
[17960] Microsoft Windows 2000/XP SMTP Service denial of service
[17959] Microsoft Windows 2000 SMTP Service privilege escalation
[17958] Microsoft Windows up to XP SNMP Agent Service memory corruption
[17947] Microsoft Windows 2000 Telnet Server memory corruption
[17946] Microsoft Windows 2000/NT Authorization weak authentication
[17890] Microsoft Windows XP Remote Desktop Client weak encryption
[17871] Microsoft Windows ME SSDP Service ssdpsrv.exe denial of service
[17834] Microsoft Windows 2000 NTFS privilege escalation
[17761] Microsoft Windows 98/98SE/ME/XP UPnP denial of service
[17760] Microsoft Windows 98/98SE/ME/XP UPnP memory corruption
[17728] Microsoft Windows 2000 IKE denial of service
[17718] Microsoft Windows 2000/XP Network Address Translation weak authentication
[17660] Microsoft Windows 98/98SE/ME/XP UPnP denial of service
[17658] Microsoft Windows Media Player up to 7.1 ASF File memory corruption
[17655] Microsoft Windows NT 4.0/2000 Terminal Server denial of service
[17608] Microsoft Windows XP Help Center helpctr.exe memory corruption
[17572] Microsoft Windows NT 4.0 RPC Endpoint Mapper denial of service
[17567] Microsoft Windows NT 4.0/2000 Terminal Server denial of service
[17389] Microsoft Windows 2000 IrDA Driver memory corruption
[17373] Microsoft Windows NT 4.0/2000 NNTP Service denial of service
[17372] Microsoft Windows Media Player 6.4/7.0/7.1 NSC File memory corruption
[17371] Microsoft Windows NT 4.0/2000 RPC Server denial of service
[17310] Microsoft Windows NT 4.0/2000 DNS Server weak authentication
[17266] Microsoft Windows NT 4.0 LsaQueryInformationPolicy information disclosure
[17147] Microsoft Windows 2000 SMTP Service privilege escalation
[17099] Microsoft Windows 98/98SE ARP denial of service
[17056] Microsoft Windows 2000 Telnet Service denial of service
[17055] Microsoft Windows 2000 Telnet Domain User information disclosure
[17054] Microsoft Windows 2000 Telnet Service denial of service
[17053] Microsoft Windows 2000 Telnet Session denial of service
[17051] Microsoft Windows NT 4.0/2000 Visual Studio RAD fp30reg.dll memory corruption
[17049] Microsoft Windows 2000 Message Request denial of service
[16826] Microsoft Windows Media Player 6.4/7.0 Shortcut privilege escalation
[16825] Microsoft Windows Media Player 6.3/6.4/7.0 ASX File memory corruption
[16824] Microsoft Windows 2000 Internet Printing ISAPI Extension msw3prt.dll memory corruption
[16822] Microsoft Windows 2000 Kerberos denial of service
[16706] Microsoft Windows Media Player 7 WMP ActiveX Control privilege escalation
[16677] Microsoft Windows 98/2000 Java Applet denial of service
[16600] Microsoft Windows 2000 Event Viewer memory corruption
[16540] Microsoft Windows Media Player 7 Skin skin.wmz privilege escalation
[16510] Microsoft Windows NT 4.0 PPTP Server denial of service
[16457] Microsoft Windows NT 4.0 MTS Package Registry privilege escalation
[16417] Microsoft Windows Media Services 4.0/4.1 Unicast Service denial of service
[16381] Microsoft Windows 2000 RDP denial of service
[16370] Microsoft Windows 2000/ME Web Extender Client privilege escalation
[16305] Microsoft Windows NT 4.0 Terminal Server RegAPI.DLL memory corruption
[16269] Microsoft Windows Media Player 6.4/7.0 ASX File memory corruption
[16267] Microsoft Windows 2000 Telnet Service denial of service
[16238] Microsoft Windows 95/98/98SE/NT 4.0 TCP Connection denial of service
[16232] Microsoft Windows CE 3.0.9348 Initial Sequence Number weak authentication
[16212] Microsoft Windows NT 4.0/2000 SMBnegprots Request denial of service
[16191] Microsoft Windows 95/98/98SE/ME NMPI Listener denial of service
[16190] Microsoft Windows 95/98/98SE/ME File/Print Sharing Service weak authentication
[16140] Microsoft Windows Media Player 7 OCX Control denial of service
[16098] Microsoft Windows NT 4.0 Cenroll ActiveX Control xenroll.dll denial of service
[16055] Microsoft Windows 2000 System Monitor ActiveX Control memory corruption
[16024] Microsoft Windows 95/98/98SE NetBIOS Client denial of service
[15985] Microsoft Windows up to XP Office 2000 File riched20.dll privilege escalation
[15980] Microsoft Windows Media Services 4.0/4.1 Unicast Service denial of service
[15965] Microsoft Windows 2000 NTLM Authentication telnet.exe privilege escalation
[15884] Microsoft Windows 95/98 IPX Packet denial of service
[15805] Microsoft Windows 95/98/NT 4.0/2000 NetBIOS weak authentication
[15802] Microsoft Windows NT 4.0/2000 NetBIOS Name Server denial of service
[15726] Microsoft Windows 2000 Telnet Server denial of service
[15725] Microsoft Windows 2000 Port denial of service
[15722] Microsoft Windows 95/98/NT 4.0 ARP Table weak authentication
[15644] Microsoft Windows NT 4.0 Remote Registry Request denial of service
[15628] Microsoft Windows NT 4.0/2000 DCE/RPC Request SMBwriteX denial of service
[15607] Microsoft Windows Media Services 4.0/4.1 Encoder Request denial of service
[15593] Microsoft Windows 95/98/NT 4.0/2000 CIFS Computer Browser denial of service
[15592] Microsoft Windows NT 4.0 CIFS Computer Browser denial of service
[15575] Microsoft Windows 95/98/NT 4.0/2000 IP Fragmentation Jolt2 denial of service
[15554] Microsoft Windows NT 4.0 Service Control Manager denial of service
[15512] Microsoft Windows 95/98 NetBIOS denial of service
[15475] Microsoft Windows NT 4.0/2000 cmd.exe memory corruption
[15455] Microsoft Windows 98/XP/NT 4.0/2000 Domain Name Resolver weak authentication
[15397] Microsoft Windows Media Rights Manager 4.0/4.1 denial of service
[15341] Microsoft Windows Media Services 4.0/4.1 Handshake denial of service
[15325] Microsoft Windows 2000 Share weak authentication
[15188] Microsoft Windows NT 3.5/4.0 RSH Service Utility .rhosts privilege escalation
[15177] Microsoft Windows NT 4.0/2000 Policy privilege escalation
[15160] Microsoft Windows NT 4.0 SP2 Password Complexity passfilt.dll weak authentication
[15147] Microsoft Windows NT 4.0 Netbt.sys denial of service
[15142] Microsoft Windows NT 4.0 ICMP Subnet Mask denial of service
[15140] Microsoft Windows NT 4.0 Routing Information Field denial of service
[15139] Microsoft Windows NT 4.0 RPC denial of service
[15135] Microsoft Windows 95 Remote Administration privilege escalation
[15122] Microsoft Windows NT 4.0 SNMP Agent denial of service
[15066] Microsoft Windows NT 4.0 Local Security Authority Subsystem LsaLookupSids privilege escalation
[15065] Microsoft Windows NT 4.0 Keystream privilege escalation
[15011] Microsoft Windows NT 4.0/2000 NTMail privilege escalation
[15003] Microsoft Windows 95/98 Credential privilege escalation
[14987] Microsoft Windows NT System Policy weak authentication
[14986] Microsoft Windows 98/NT 4.0/2000 Wordpad memory corruption
[14976] Microsoft Windows Media Player ActiveX Control File information disclosure
[14974] Microsoft Windows 95/98 Network privilege escalation
[14921] Microsoft Windows NT 4.0 LSA lsass.exe denial of service
[14849] Microsoft Windows 98/NT 4.0 IP Source Routing privilege escalation
[14848] Microsoft Windows NT 4.0 RASMAN Configuration
[14800] Microsoft Windows NT 4.0 TCP Initial Sequence Number weak authentication
[14778] Microsoft Windows 95/98 Telnet Client memory corruption
[14767] Microsoft Windows NT 4.0 Terminal Server weak authentication
[14740] Microsoft Windows NT 4.0 Messenger Service denial of service
[14733] Microsoft Windows NT 4.0/2000 Local Security Authority Subsystem privilege escalation
[14719] Microsoft Windows NT 4.0 IOCTL privilege escalation
[14718] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 IGMP Header privilege escalation
[14710] Microsoft Windows NT 4.0 Image Header privilege escalation
[14709] Microsoft Windows NT 3.51/NT 4.0 RAS/PPTP denial of service
[14697] Microsoft Windows NT 4.0 CSRSS Worker Thread denial of service
[14669] Microsoft Windows NT 4.0 RRAS/RAS Client privilege escalation
[14608] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 ARP Packet denial of service
[14560] Microsoft Windows 95/98/NT 4.0 ICMP Redirect Message denial of service
[14489] Microsoft Windows NT 4.0 SP4 NT Hash Value weak authentication
[14487] Microsoft Windows 95/98 TCP/IP Chorus denial of service
[14461] Microsoft Windows 98 Packet denial of service
[14454] Microsoft Windows NT 4.0 Beta Share privilege escalation
[14443] Microsoft Windows 95/98/NT 3.51/NT 4.0/2000 SMB Authentication weak authentication
[14429] Microsoft Windows NT Registry Key Value privilege escalation
[14428] Microsoft Windows NT Registry Key Permission privilege escalation
[14423] Microsoft Windows 2000/NT PDC/BDC privilege escalation
[14418] Microsoft Windows 2000/NT OS/2/POSIX Subsystem privilege escalation
[14394] Microsoft Windows 2000/NT NT Alerter privilege escalation
[14379] Microsoft Windows NT Registry Key privilege escalation
[14378] Microsoft Windows NT 4.0/2000 User Group privilege escalation
[14371] Microsoft Windows up to XP Log File Size unknown vulnerability
[14370] Microsoft Windows up to XP Removable Media privilege escalation
[14368] Microsoft Windows up to XP Logon Box Username information disclosure
[14367] Microsoft Windows up to XP Eventlog privilege escalation
[14366] Microsoft Windows up to XP Registry Key privilege escalation
[14362] Microsoft Windows 95/98/ME/NT File System privilege escalation
[14361] Microsoft Windows NT 4.0/2000 Relationship privilege escalation
[14360] Microsoft Windows up to XP Registry privilege escalation
[14359] Microsoft Windows up to XP Registry privilege escalation
[14358] Microsoft Windows up to XP Registry Audit Policy privilege escalation
[14356] Microsoft Windows up to XP File Audit Policy privilege escalation
[14354] Microsoft Windows NT Password Filter PASSFILT.DLL weak authentication
[14348] Microsoft Windows NT Directory privilege escalation
[14311] Microsoft Windows NT Web Server information disclosure
[14310] Microsoft Windows NT 4.0 Ressource Kit denial of service
[14301] Microsoft Windows NT IP Fragmentation Data Processing Error
[14298] Microsoft Windows NT 3.51/NT 4.0 WFTP Server Guest weak authentication
[14238] Microsoft Windows 95/NT 4.0 TCP Packet weak authentication
[14228] Microsoft Windows NT 4.0 RPC Server Snork denial of service
[14197] Microsoft Windows NT 4.0 WINS denial of service
[14128] Microsoft Windows NT 3.51/NT 4.0 WINS Coke denial of service
[14077] Microsoft Windows NT 4.0 SMB Logon denial of service
[14076] Microsoft Windows 95/NT 4.0 IP Fragmentation Bonk denial of service
[14042] Microsoft Windows NT 4.0 SNMP Agent snmp.exe denial of service
[14041] Microsoft Windows 95/NT 4.0 TCP SYN Teardrop2 denial of service
[14040] Microsoft Windows 95/NT 3.51/NT 4.0 TCP SYN Teardrop denial of service
[14031] Microsoft Windows 95/NT 4.0 TCP SYN Country denial of service
[13992] Microsoft Windows WINS denial of service
[13940] Microsoft Windows up to NT 4.0 SP2 IP Fragmentation privilege escalation
[13924] Microsoft Windows up to NT 4.0 NetBIOS WinNuke denial of service
[13911] Microsoft Windows NT 4.0 DNS Server denial of service
[13907] Microsoft Windows NT 4.0 LSA/LSARPC LSASS.EXE privilege escalation
[13873] Microsoft Windows 4.0 SMB Mount denial of service
[13871] Microsoft Windows NT 4.0 Winpopup denial of service
[13856] Microsoft Windows NT 4.0 RPC Locator rpcss.exe denial of service
[13834] Microsoft Windows NT 4.0/2000 Account Policy weak authentication
[13833] Microsoft Windows NT 4.0 File Audit Policy privilege escalation
[13832] Microsoft Windows NT 4.0 Audit Policy privilege escalation
[13831] Microsoft Windows NT 4.0/2000 REG Files privilege escalation
[13830] Microsoft Windows NT 4.0/2000 Registry privilege escalation
[13828] Microsoft Windows NT 4.0/2000 Account Policy privilege escalation
[13826] Microsoft Windows Traceroute privilege escalation
[13824] Microsoft Windows 95/NT 4.0/2000 NetBIOS/SMB Share weak authentication
[13823] Microsoft Windows 95 NetBIOS/SMB Share weak authentication
[13821] Microsoft Windows NT 4.0/2000 IP Forwarding privilege escalation
[13819] Microsoft Windows NT 4.0/2000 Password Authentication weak authentication
[13817] Microsoft Windows NT 4.0/2000 SNMP Registry Key information disclosure
[13815] Microsoft Windows 95/NT 4.0 ICMP Jolt denial of service
[13814] Microsoft Windows NT 4.0 DNS Server denial of service
[13802] Microsoft Windows 95/NT 3.51 Samba Share Code
[13695] Microsoft Windows NT 4.0 TCP Sequence Number weak authentication
[13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
[13548] Microsoft Windows up to Vista TCP/IP Packet privilege escalation
[13546] Microsoft Windows up to Vista XML Core Services privilege escalation
[13544] Microsoft Windows up to Vista GDI+ privilege escalation
[13543] Microsoft Windows up to Vista Unicode Script Processor usp10.dll memory corruption
[13397] Microsoft Windows 2000/Server 2003/XP DHCP Response weak authentication
[13234] Microsoft Windows iSCSI Packets privilege escalation
[13233] Microsoft Windows iSCSI Packets privilege escalation
[12853] Microsoft Windows up to XP SP3 Batch File CreateProcess privilege escalation
[12711] Microsoft Windows Media Player 11.0.5721.5230 WAV File memory corruption
[12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager privilege escalation
[12526] Microsoft Windows up to XP DirectShow denial of service
[12264] Microsoft Windows up to XP XML Core Services privilege escalation
[12263] Microsoft Windows up to Server 2012 Direct2D memory corruption
[12238] Microsoft Windows 8/RT/Server 2012 IPv6 privilege escalation
[11673] Microsoft Windows Live Movie Maker 2011 WAV File privilege escalation
[11456] Microsoft Windows up to XP Scripting Runtime Object Library denial of service
[11167] Microsoft Windows up to XP DirectAcccess Server privilege escalation
[11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value privilege escalation
[11147] Microsoft Windows up to XP X.509 Certificate Processor Crypt32.dll/Wcrypt32.dll privilege escalation
[11145] Microsoft Windows up to XP Graphics Device Interface Numeric Error
[11081] Microsoft Windows Server 2008/Vista TIFF Image privilege escalation
[11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
[10641] Microsoft Windows up to XP Comctl32.dll DSA_InsertItem denial of service
[10638] Microsoft Windows up to XP TrueType Font privilege escalation
[10632] Microsoft Windows up to XP OpenType Font privilege escalation
[10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
[10191] Microsoft Windows Server 2003/XP OLE Object memory corruption
[10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory privilege escalation
[9944] Microsoft Windows up to XP TCP/IP Stack memory corruption
[9943] Microsoft Windows Server 2012 NAT Driver memory corruption
[9942] Microsoft Windows up to XP Asynchronous RPC Request privilege escalation
[9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL memory corruption
[9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services information disclosure
[9423] Microsoft Windows Microsoft WMV Codec privilege escalation
[9422] Microsoft Windows GIF DirectShow privilege escalation
[9398] Microsoft Windows up to XP TTF privilege escalation
[9103] Microsoft Windows TCP/IP Driver Numeric Error
[8739] Microsoft Windows Essentials up to 2012 Windows Writer privilege escalation
[8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys memory corruption
[8208] Microsoft Windows win32k.sys privilege escalation
[8207] Microsoft Windows win32k.sys race condition
[8203] Microsoft Windows up to 2012 AD LDAP Query privilege escalation
[8095] Microsoft Windows Modern Mail weak authentication
[7996] Microsoft Windows 8 TrueType Font denial of service
[7680] Microsoft Windows XP SP3 Object Linking/Embedding denial of service
[7678] Microsoft Windows up to XP TCP FIN WAIT TCP/IP denial of service
[7644] Microsoft Windows up to XP .NET Framework callback privilege escalation
[7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server denial of service
[7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll privilege escalation
[7258] Microsoft Windows up to 8/Server 2012 SSL/TLS privilege escalation
[7248] Microsoft Windows 7/Server 2008 R2 Print Spooler memory corruption
[7233] Microsoft Windows up to XP SP3 TURKTRUST Certificate weak authentication
[7128] Microsoft Windows up to XP Font Parser privilege escalation
[7123] Microsoft Windows up to XP Font Parser privilege escalation
[7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS privilege escalation
[7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
[6932] Microsoft Windows up to XP win32k.sys denial of service
[6931] Microsoft Windows up to XP win32k.sys denial of service
[6923] Microsoft Windows up to XP Briefcase Numeric Error
[6922] Microsoft Windows up to XP Briefcase denial of service
[6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
[6525] Microsoft Windows Phone 7 Certificate Subject Common Name weak encryption
[6029] Microsoft Windows up to XP MS-CHAP V2 Authentication weak encryption
[5942] Microsoft Windows XP Remote Desktop Protocol memory corruption
[5941] Microsoft Windows XP Remote Administration Protocol memory corruption
[5940] Microsoft Windows XP Remote Administration Protocol memory corruption
[5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service Format String
[5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll privilege escalation
[5663] Microsoft Windows 7/Vista Gadgets memory corruption
[5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
[5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
[5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5361] Microsoft Windows privilege escalation
[5359] Microsoft Windows XP t2embed.dll denial of service
[5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
[5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification privilege escalation
[4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
[4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol privilege escalation
[4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service privilege escalation
[4546] Microsoft Windows NT Ntdll.dll unknown vulnerability
[4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
[4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll memory corruption
[4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll memory corruption
[4532] Microsoft Windows Embedded ClickOnce Application memory corruption
[4484] Microsoft Windows Phone 7.5 SMS Service weak encryption
[4481] Microsoft Windows Media Player ENCDEC.DLL privilege escalation
[4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management privilege escalation
[4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
[4458] Microsoft Windows Apple Safari win32k.sys privilege escalation
[4455] Microsoft Windows XP Keyboard Layout win32k.sys denial of service
[4452] Microsoft Windows Adctive Directory Query memory corruption
[4451] Microsoft Windows Kernel Exception privilege escalation
[4450] Microsoft Windows OLE Objects Property privilege escalation
[4449] Microsoft Windows CSRSS Device Event Message privilege escalation
[4448] Microsoft Windows 7/Vista/XP Media DVR-MS Parser privilege escalation
[4447] Microsoft Windows Time ActiveX Control privilege escalation
[4440] Microsoft Windows Active Directory weak authentication
[4439] Microsoft Windows True Type Fonts privilege escalation
[4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter Numeric Error
[4436] Microsoft Windows True Type Fonts win32k.sys memory corruption
[4431] Microsoft Windows SSL/TLS IV privilege escalation
[4422] Microsoft Windows Driver win32k.sys memory corruption
[4421] Microsoft Windows Ancillary Function Driver privilege escalation
[4410] Microsoft Windows Library Loader privilege escalation
[4409] Microsoft Windows Server 2003/Server 2008 WINS privilege escalation
[4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
[4395] Microsoft Windows Client/Server Run-Time Subsystem privilege escalation
[4394] Microsoft Windows DNS Service Domain Lookup memory corruption
[4393] Microsoft Windows Server 2008 DNS Service privilege escalation
[4392] Microsoft Windows Remote Access Service privilege escalation
[4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
[4389] Microsoft Windows Remote Desktop Protocol denial of service
[4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
[4386] Microsoft Windows XP denial of service
[4382] Microsoft Windows CSRSS memory corruption
[4381] Microsoft Windows 7/Vista Bluetooth Driver Object privilege escalation
[4380] Microsoft Windows Driver win32k.sys denial of service
[4373] Microsoft Windows MHTML cross site scripting
[4371] Microsoft Windows Distributed File System memory corruption
[4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
[4366] Microsoft Windows OLE Automatisation Numeric Error
[4365] Microsoft Windows OpenType Font privilege escalation
[4364] Microsoft Windows Active Directory cross site scripting
[4363] Microsoft Windows SMB Client privilege escalation
[4362] Microsoft Windows 7/Server 2008/Vista denial of service
[4361] Microsoft Windows Ancillary Function Driver privilege escalation
[4347] Microsoft Windows WINS Service privilege escalation
[4339] Microsoft Windows JScript/VBScript Numeric Error
[4338] Microsoft Windows DNS privilege escalation
[4337] Microsoft Windows OpenType Font memory corruption
[4336] Microsoft Windows Driver win32k.sys denial of service
[4335] Microsoft Windows GDI+ Numeric Error
[4333] Microsoft Windows Wordpad privilege escalation
[4331] Microsoft Windows SMB Transaction Parser privilege escalation
[4314] Microsoft Windows DirectShow/Windows Media privilege escalation
[4313] Microsoft Windows Remote Desktop Client privilege escalation
[4301] Microsoft Windows Server 2003 SMB Browser memory corruption
[4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
[4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
[4296] Microsoft Windows Server 2003/XP LSASS weak authentication
[4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
[4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys privilege escalation
[4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum weak encryption
[4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
[4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
[4238] Microsoft Windows Data Access Components Numeric Error
[4237] Microsoft Windows Thumbnail Bitmap Parser memory corruption
[4235] Microsoft Windows Fax Cover Page Editor memory corruption
[4233] Microsoft Windows privilege escalation
[4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC memory corruption
[4228] Microsoft Windows Server 2008 Hyper-V VMBus privilege escalation
[4227] Microsoft Windows Netlogon RPC Service denial of service
[4226] Microsoft Windows OpenType Font Driver privilege escalation
[4225] Microsoft Windows Routing/Remote Access NDProxy memory corruption
[4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
[4207] Microsoft Windows Keyboard Layout win32k.sys memory corruption
[4204] Microsoft Windows Server 2008 Color Control Panel unknown vulnerability
[4202] Microsoft Windows Keyboard Layout win32k.sys Windows Class privilege escalation
[4201] Microsoft Windows OpenType Font Parser Numeric Error
[4198] Microsoft Windows Shell/Wordpad privilege escalation
[4195] Microsoft Windows Integer Truncation Common Control Library memory corruption
[4194] Microsoft Windows 7/Server 2008/Vista SChannel Client privilege escalation
[4193] Microsoft Windows OpenType Font Parser privilege escalation
[4192] Microsoft Windows LPC Message memory corruption
[4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
[4185] Microsoft Windows Client/Server Run-Time Subsystem privilege escalation
[4184] Microsoft Windows LSASS memory corruption
[4183] Microsoft Windows Unicode Script Processor privilege escalation
[4182] Microsoft Windows MPEG-4 Codec Content Parser privilege escalation
[4181] Microsoft Windows RPC Processor privilege escalation
[4166] Microsoft Windows SMB Server privilege escalation
[4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack memory corruption
[4162] Microsoft Windows 7/Server 2008/Vista Kernel race condition
[4161] Microsoft Windows TLS/SSL Session weak encryption
[4158] Microsoft Windows Driver win32k.sys CreateDIBPalette memory corruption
[4152] Microsoft Windows MFC Document Title Updating memory corruption
[4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel denial of service
[4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser privilege escalation
[4139] Microsoft Windows Help/Support Center privilege escalation
[4136] Microsoft Windows Media Decompression privilege escalation
[4135] Microsoft Windows Kernel Mode Driver privilege escalation
[4134] Microsoft Windows OpenType Compact Font Format Driver privilege escalation
[4126] Microsoft Windows Mail STAT Numeric Error
[4107] Microsoft Windows 7/Server 2008 Kernel privilege escalation
[4105] Microsoft Windows SMB Client denial of service
[4104] Microsoft Windows SMTP Service privilege escalation
[4103] Microsoft Windows Server 2003 Media Services memory corruption
[4102] Microsoft Windows Authentication Verification privilege escalation
[4101] Microsoft Windows ISATAP privilege escalation
[4100] Microsoft Windows MPEG Layer-3 Codec memory corruption
[4089] Microsoft Windows Movie Maker memory corruption
[4088] Microsoft Windows HLP File MsgBox privilege escalation
[4087] Microsoft Windows DirectShow memory corruption
[4086] Microsoft Windows CSRSS privilege escalation
[4085] Microsoft Windows SMB Client privilege escalation
[4084] Microsoft Windows Shell privilege escalation
[4083] Microsoft Windows Paint Numeric Error
[4076] Microsoft Windows Embedded OpenType Font Engine Numeric Error
[4070] Microsoft Windows Indeo Codec memory corruption
[4068] Microsoft Windows MS-CHAP Authentication privilege escalation
[4067] Microsoft Windows Active Directory Federation Service privilege escalation
[4066] Microsoft Windows Local Security Authority Subsystem denial of service
[4060] Microsoft Windows Win32k Kernel Mode Driver privilege escalation
[4058] Microsoft Windows Active Directory denial of service
[4051] Microsoft Windows GDI+ privilege escalation
[4050] Microsoft Windows ActiveX Control memory corruption
[4049] Microsoft Windows ActiveX Controls ATL OleLoadFromStream privilege escalation
[4044] Microsoft Windows Media Runtime privilege escalation
[4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar denial of service
[4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service memory corruption
[4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
[4028] Microsoft Windows ASF/MP3 Media privilege escalation
[4026] Microsoft Windows DHTML Editing ActiveX Control privilege escalation
[4025] Microsoft Windows privilege escalation
[4016] Microsoft Windows Remote Desktop Connection memory corruption
[4014] Microsoft Windows Workstation Service denial of service
[4013] Microsoft Windows Message Queuing Service privilege escalation
[4012] Microsoft Windows WINS Service Numeric Error
[4011] Microsoft Windows WINS Service memory corruption
[4010] Microsoft Windows AVI Movie privilege escalation
[4001] Microsoft Windows DirectShow memory corruption
[3998] Microsoft Windows Embedded OpenType Font Engine memory corruption
[3997] Microsoft Windows Embedded OpenType Font Engine Numeric Error
[3990] Microsoft Windows Print Spooler memory corruption
[3989] Microsoft Windows Print Spooler memory corruption
[3988] Microsoft Windows Print Spooler EnumeratePrintShares memory corruption
[3979] Microsoft Windows DirectShow memory corruption
[3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG privilege escalation
[3950] Microsoft Windows HTTP Service Numeric Error
[3939] Microsoft Windows 2000 DNS privilege escalation
[3938] Microsoft Windows 2000 SSL weak authentication
[3937] Microsoft Windows 2000 privilege escalation
[3895] Microsoft Windows GDI Image Parser memory corruption
[3894] Microsoft Windows GDI Image Parser Numeric Error
[3893] Microsoft Windows WordPad denial of service
[3866] Microsoft Windows SMB Authentication weak authentication
[3860] Microsoft Windows Path Canonicalisation EclipsedWing privilege escalation
[3853] Microsoft Windows Ancillary Function Driver privilege escalation
[3852] Microsoft Windows SMB memory corruption
[3851] Microsoft Windows IIS IPP Service Numeric Error
[3850] Microsoft Windows privilege escalation
[3849] Microsoft Windows denial of service
[3846] Microsoft Windows privilege escalation
[3845] Microsoft Windows 2000 SP4 Active Directory denial of service
[3822] Microsoft Windows GDI+ BMP Image Numeric Error
[3821] Microsoft Windows GDI+ WMF File Numeric Error
[3820] Microsoft Windows GDI+ GIF Image Numeric Error
[3819] Microsoft Windows GDI+ EMF File Numeric Error
[3818] Microsoft Windows GDI+ Numeric Error
[3812] Microsoft Windows Vista Bitlocker Password Output information disclosure
[3806] Microsoft Windows Color Management memory corruption
[3797] Microsoft Windows Server 2008/Vista IPsec Policy information disclosure
[3777] Microsoft Windows Server 2008/Vista SP1 Explorer privilege escalation
[3733] Microsoft Windows Active Directory privilege escalation
[3732] Microsoft Windows 2000/Server 2003 WINS privilege escalation
[3730] Microsoft Windows Vista/XP privilege escalation
[3699] Microsoft Windows CE Image privilege escalation
[3686] Microsoft Windows privilege escalation
[3675] Microsoft Windows Kernel privilege escalation
[3674] Microsoft Windows ActiveX Control hxvz.dll privilege escalation
[3673] Microsoft Windows memory corruption
[3672] Microsoft Windows GDI WMF Color Depth memory corruption
[3603] Microsoft Windows NT 4.0/2000/XP/Vista OLE Automation privilege escalation
[3542] Microsoft Windows LSASS privilege escalation
[3541] Microsoft Windows ICMP Fragmentation memory corruption
[3540] Microsoft Windows IGMPv3/MLDv2 memory corruption
[3505] Microsoft Windows Vista Kernel Legacy Reply Path Validator privilege escalation
[3504] Microsoft Windows Message Queue memory corruption
[3500] Microsoft Windows Vista SMBv2 Signing privilege escalation
[3372] Microsoft Windows SharePoint Services cross site scripting
[3370] Microsoft Windows RPC Authentication denial of service
[3368] Microsoft Windows up to Vista NNTP Response memory corruption
[3367] Microsoft Windows Kodak Image Viewer privilege escalation
[3302] Microsoft Windows Services for UNIX privilege escalation
[3253] Microsoft Windows OLE Automation substringData memory corruption
[3242] Microsoft Windows VML Vector Markup Language memory corruption
[3223] Microsoft Windows Server 2003/XP URI privilege escalation
[3179] Microsoft Windows Active Directory denial of service
[3178] Microsoft Windows Active Directory memory corruption
[3177] Microsoft Windows Vista Firewall Teredo unknown vulnerability
[3128] Microsoft Windows Win32 API memory corruption
[3012] Microsoft Windows 2000/Server 2003 DNS Service memory corruption
[3005] Microsoft Windows XP memory corruption
[3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
[2991] Microsoft Windows Vista ATI Radeon Kernel Mode Driver denial of service
[2990] Microsoft Windows 2000/Vista/XP Animated Cursor memory corruption
[2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog privilege escalation
[2932] Microsoft Windows Malware Protection Engine Integer Coercion Error
[2925] Microsoft Windows HTML Help ActiveX Control memory corruption
[2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer Coercion Error
[2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
[2788] Microsoft Windows up to Vista CSRSS WINSRV.DLL MessageBox memory corruption
[2739] Microsoft Windows 2000 Remote Installation Service unknown vulnerability
[2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
[2737] Microsoft Windows Server 2003/XP Manifest privilege escalation
[2724] Microsoft Windows up to 10 Media Player memory corruption
[2717] Microsoft Windows 2000 Print Spooler denial of service
[2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
[2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
[2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX Numeric Error
[2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[2684] Microsoft Windows 2000/XP Workstation Service memory corruption
[2659] Microsoft Windows 2000/XP GDI memory corruption
[2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
[2640] Microsoft Windows XP Windows NAT Helper Component ipnathlp.dll denial of service
[2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
[2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP weak encryption
[2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP weak encryption
[2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
[2522] Microsoft Windows 2000/Server 2003/XP Indexing Service cross site scripting
[2520] Microsoft Windows XP Pragmatic General Multicast privilege escalation
[2436] Microsoft Windows 2000/Server 2003/XP Kernel memory corruption
[2435] Microsoft Windows 2000/Server 2003/XP Exception memory corruption
[2434] Microsoft Windows 2000/Server 2003/XP Winlogon privilege escalation
[2433] Microsoft Windows 2000 Management Console cross site scripting
[2432] Microsoft Windows 2000/Server 2003/XP DNS Resolver memory corruption
[2431] Microsoft Windows 2000/Server 2003/XP Winsock API memory corruption
[2430] Microsoft Windows 2000/Server 2003/XP RPC ELV memory corruption
[2426] Microsoft Windows 2000/Server 2003/XP WMF File gdi32.dll denial of service
[2415] Microsoft Windows 2000/Server 2003/XP SMB File srv.sys privilege escalation
[2370] Microsoft Windows 2000/Server 2003/XP Server Protocol Driver memory corruption
[2369] Microsoft Windows 2000/Server 2003/XP Server Service Mailslot memory corruption
[2366] Microsoft Windows 2000/Server 2003/XP DHCP Client memory corruption
[2311] Microsoft Windows 2000/Server 2003/XP MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk privilege escalation
[2310] Microsoft Windows 2000 RPC weak authentication
[2309] Microsoft Windows 2000/Server 2003/XP Routing/Remote Access Service memory corruption
[2307] Microsoft Windows 2000/Server 2003/XP JScript Object memory corruption
[2306] Microsoft Windows 2000/Server 2003/XP IP Source Routing memory corruption
[2305] Microsoft Windows Server 2003/XP ART Image memory corruption
[2295] Microsoft Windows 9/10 Media Player memory corruption
[2275] Microsoft Windows Server 2003/XP mhtml URI inetcomm.dll memory corruption
[2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
[2218] Microsoft Windows 2000/Server 2003/XP MSDTC memory corruption
[2147] Microsoft Windows 2000/Server 2003/XP COM Object memory corruption
[2054] Microsoft Windows up to 10 Media Player memory corruption
[2051] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[2050] Microsoft Windows Server 2003/XP TCP/IP IGMP memory corruption
[2049] Microsoft Windows 2000/Server 2003/XP Media Player memory corruption
[2036] Microsoft Windows Server 2003/XP Service privilege escalation
[1962] Microsoft Windows 2000/Server 2003/XP Web Fonts memory corruption
[1934] Microsoft Windows Server 2003/XP WMF File privilege escalation
[1917] Microsoft Windows NT 4.0/2000 unknown vulnerability
[1909] Microsoft Windows up to XP SP1 UPnP GetDeviceList denial of service
[1876] Microsoft Windows 2000/XP WMF/EMF File Integer Coercion Error
[1801] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[1798] Microsoft Windows 2000/Server 2003/XP Transaction Internet Protocol denial of service
[1797] Microsoft Windows 2000/Server 2003/XP COM+ memory corruption
[1796] Microsoft Windows 2000/Server 2003/XP Distributed Transaction Coordinator memory corruption
[1793] Microsoft Windows 2000/Server 2003/XP Explorer HTML Preview cross site scripting
[1792] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1791] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1789] Microsoft Windows 2000/Server 2003/XP Plug-and-Play Service memory corruption
[1781] Microsoft Windows XP Wireless Zero Configuration WZCQueryInterface unknown vulnerability
[1726] Microsoft Windows XP SP2 unknown vulnerability
[1692] Microsoft Windows up to Server 2003 Print Spooler memory corruption
[1691] Microsoft Windows 2000/Server 2003/XP Kerberos memory corruption
[1690] Microsoft Windows 2000/Server 2003/XP Kerberos denial of service
[1689] Microsoft Windows up to Server 2003 Plug-and-Play Service memory corruption
[1687] Microsoft Windows up to XP Telephony Application Programming Interface memory corruption
[1653] Microsoft Windows up to XP USB Driver memory corruption
[1623] Microsoft Windows 2000/XP Network Connectivity netman.dll denial of service
[1621] Microsoft Windows up to XP SP2 Kernel denial of service
[1596] Microsoft Windows 95/98/2000/Server 2003/XP Color Management memory corruption
[1570] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1569] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[1568] Microsoft Windows 2000/Server 2003/XP Agent Internet Content cross site scripting
[1567] Microsoft Windows 2000/Server 2003/XP HTML Help Input memory corruption
[1547] Microsoft Windows 2000/Server 2003/XP Remote Desktop mstlsapi.dll weak authentication
[1411] Microsoft Windows up to XP SP2 Image denial of service
[1407] Microsoft Windows 2000 Web View webvw.dll memory corruption
[1358] Microsoft Windows 2000/Server 2003/XP CSRSS memory corruption
[1357] Microsoft Windows 2000/Server 2003/XP Objekt Manager memory corruption
[1356] Microsoft Windows 2000/Server 2003/XP Kernel Access memory corruption
[1355] Microsoft Windows 2000/Server 2003/XP Font File memory corruption
[1350] Microsoft Windows 2000/Server 2003/XP Shell MSHTA.EXE memory corruption
[1349] Microsoft Windows 2000/XP SP1 RPC Message Queue memory corruption
[1328] Microsoft Windows Server 2003 Print Color Adjustment denial of service
[1327] Microsoft Windows Server 2003 SMB denial of service
[1291] Microsoft Windows 2000 EMF File GetEnhMetaFilePaletteEntries denial of service
[1268] Microsoft Windows Server 2003/XP TCP/IP Stack denial of service
[1196] Microsoft Windows up to XP/Server 2003 Drag / Drop memory corruption
[1195] Microsoft Windows 98/2000/ME/XP OLE File memory corruption
[1194] Microsoft Windows/Office up to XP COM File unknown vulnerability
[1193] Microsoft Windows NT 4.0/2000/Server 2003 License Logging Server privilege escalation
[1191] Microsoft Windows XP Hyperlink Object Library memory corruption
[1190] Microsoft Windows XP Named Pipe Connection memory corruption
[1189] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1107] Microsoft Windows Server 2003/XP Indexing Service memory corruption
[1088] Microsoft Windows up to XP SP2 HLP File winhlp32.exe memory corruption
[1087] Microsoft Windows up to XP SP2 ANI File memory corruption
[1086] Microsoft Windows up to XP SP2 LoadImage API memory corruption
[1076] Microsoft Windows 9 Media Player setItemInfo privilege escalation
[1075] Microsoft Windows 9 Media Player getItemInfoByAtom information disclosure
[1070] Microsoft Windows XP SP2 privilege escalation
[1042] Microsoft Windows up to Server 2003 HyperTerminal URL memory corruption
[1041] Microsoft Windows up to XP WINS Name Validator memory corruption
[1040] Microsoft Windows up to XP Local Security Authority Subsystem Service memory corruption
[1039] Microsoft Windows up to XP Local Procedure Call memory corruption
[1038] Microsoft Windows up to XP WordPad Word for Windows 6.0 Converter memory corruption
[1037] Microsoft Windows NT 4.0 DHCP Service memory corruption
[1036] Microsoft Windows NT 4.0 Server memory corruption
[1011] Microsoft Windows WINS memory corruption
[937] Microsoft Windows XP WAV Media File denial of service
[909] Microsoft Windows NT 4.0/2000/XP ASCII Editor unknown vulnerability
[908] Microsoft Windows XP JPEG ActiveX Image Control asycpict.dll denial of service
[900] Microsoft Windows grpconv.exe memory corruption
[899] Microsoft Windows memory corruption
[898] Microsoft Windows XP on 64-bit SMTP DNS Reply memory corruption
[897] Microsoft Windows Server 2003/XP ZIP Archive dunzip32.dll memory corruption
[891] Microsoft Windows memory corruption
[890] Microsoft Windows denial of service
[889] Microsoft Windows memory corruption
[888] Microsoft Windows privilege escalation
[886] Microsoft Windows denial of service
[885] Microsoft Windows 2000/Server 2003/XP WebDAV XML Message denial of service
[884] Microsoft Windows NT 4.0 RPC Runtime Library denial of service
[883] Microsoft Windows NT 4.0/2000/Server 2003 memory corruption
[862] Microsoft Windows 2000/XP SYSTEM32 memory corruption
[860] Microsoft Windows 2000/XP Packet Fragmentation denial of service
[833] Microsoft Windows memory corruption
[792] Microsoft Windows up to XP SP2 Internet Download cmd.exe unknown vulnerability
[765] Microsoft Windows memory corruption
[764] Microsoft Windows NT 4.0/2000/XP Task Scheduler containing memory corruption
[763] Microsoft Windows NT 4.0/2000 POSIX Subsystem memory corruption
[761] Microsoft Windows 2000 Utility Manager winhlp32.exe memory corruption
[683] Microsoft Windows 2000 weak authentication
[664] Microsoft Windows 2000/XP CLSID desktop.ini memory corruption
[655] Microsoft Windows FTPD Sasser Worm memory corruption
[637] Microsoft Windows NetBIOS Share Name memory corruption
[618] Microsoft Windows Server 2003 MS04-011 Patch unknown vulnerability
[610] Microsoft Windows up to XP/Server 2003 ASN.1 Library memory corruption
[609] Microsoft Windows 2000/Server 2003/XP Negotiate Security Software Provider memory corruption
[608] Microsoft Windows NT 4.0/2000 Virtual DOS Machine denial of service
[607] Microsoft Windows NT 4.0/2000/XP Local Descriptor Table privilege escalation
[606] Microsoft Windows XP Taskmanager memory corruption
[605] Microsoft Windows 2000 Utility Manager memory corruption
[604] Microsoft Windows Server 2003/XP Help/Support Center memory corruption
[603] Microsoft Windows 2000 Metafile WMF/EMF Integer Coercion Error
[602] Microsoft Windows NT 4.0/2000/XP WinLogon Domain Object memory corruption
[601] Microsoft Windows up to XP/Server 2003 PCT Message memory corruption
[600] Microsoft Windows 2000 Domain Controller memory corruption
[599] Microsoft Windows up to Server 2003 LSASS Request memory corruption
[598] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC/DCOM Object Identity unknown vulnerability
[597] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC over HTTP Reply denial of service
[596] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS denial of service
[564] Microsoft Windows XP on WinXP WMF File explorer.exe denial of service
[530] Microsoft Windows XP EMF File shimgvw.dll Integer Coercion Error
[518] Microsoft Windows Server 2003/XP ntdll.dll unknown vulnerability
[516] Microsoft Windows up to XP SP1 BMP Image imgbmp.cxx memory corruption
[509] Microsoft Windows NT 4.0/2000/XP/Server 2003 WINS Server GS privilege escalation
[508] Microsoft Windows NT 4.0/2000/XP/Server 2003 ASN.1 lsass.exe Integer Coercion Error
[491] Microsoft Windows XP .folder memory corruption
[441] Microsoft Windows SHELL32.DLL memory corruption
[414] Microsoft Windows XP BIOS Date Reset denial of service
[383] Microsoft Windows 2000/XP Workstation Service memory corruption
[350] Microsoft Windows 2000/NT/Server 2003/XP HTML Help memory corruption
[348] Microsoft Windows XP CommCtl32.dll memory corruption
[332] Microsoft Windows NT 4.0/2000/XP Messenger Service memory corruption
[331] Microsoft Windows 2000/XP RPCSS race condition
[328] Microsoft Windows 2000 Message Queuing Service mqsvc.exe memory corruption
[323] Microsoft Windows Server 2003 Shell Folder information disclosure
[318] Microsoft Windows Media Player 6.4/7/7.1/9 unknown vulnerability
[312] Microsoft Windows 2000/Server 2003/Vista/XP PostThreadMessage unknown vulnerability
[286] Microsoft Windows Server 2003 Buffer Overflow Protection unknown vulnerability
[278] Microsoft Windows XP ZIP Manager memory corruption
[277] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS memory corruption
[270] Microsoft Windows XP SP1 TCP Packet unknown vulnerability
[269] Microsoft Windows up to 98 SP1 UDP Fragment denial of service
[261] Microsoft Windows NT 4.0 NetBIOS information disclosure
[249] Microsoft Windows NT 4.0/2000/XP/Server 2003 Blaster/Eske memory corruption
[193] Microsoft Windows up to 8.x Media Player unknown vulnerability
[179] Microsoft Windows XP desktop.ini memory corruption
[178] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC DCOM PerformScmStage memory corruption
[175] Microsoft Windows up to 2000 SP3 SMTP Timestamp denial of service
[165] Microsoft Windows NT 4.0/2000/XP SMB memory corruption
[164] Microsoft Windows up to XP/Server 2003 HTML Converter memory corruption
[158] Microsoft Windows 2000/XP rundll32.exe memory corruption
[155] Microsoft Windows up to 2000 SP3 LDAP Cryptnet.DLL denial of service
[154] Microsoft Windows up to 2000 SP3 RPC unknown vulnerability
[153] Microsoft Windows 2000 Terminal Service unknown vulnerability
[151] Microsoft Windows up to 2000 SP3 ModifyDN Request denial of service
[150] Microsoft Windows up to 2000 SP3 Domain Controller unknown vulnerability
[149] Microsoft Windows up to 2000 SP3 Port Name API memory corruption
[146] Microsoft Windows up to 2000 SP3 IMAADPCM cbDestLength memory corruption
[145] Microsoft Windows 2000 Active Directory weak authentication
[135] Microsoft Windows 2000 API ShellExecute memory corruption
[134] Microsoft Windows up to 2000 SP3 Active Directory memory corruption
[124] Microsoft Windows 5 Media Service ISAPI Extension /scripts memory corruption
[123] Microsoft Windows 9 Media Player privilege escalation
[71] Microsoft Windows Media Player unknown vulnerability
[69] Microsoft Windows XP Internet Connection Firewall unknown vulnerability
[61] Microsoft Windows XP Media Player 7.1 privilege escalation
[41] Microsoft Windows Form Input Type denial of service
[9] Microsoft Windows riched20.dll memory corruption
[8] Microsoft Windows NT 4.0/2000 cmd.exe cd memory corruption
[4] Microsoft Windows 2000 NetBIOS denial of service
[176821] F5 BIG-IP APM/BIG-IP APM Clients Windows Installer Service permission
[176798] F5 BIG-IP APM/BIG-IP APM Clients Windows Installer cachecleaner.dll uncontrolled search path
[176770] Apache HTTP Server up to 2.4.46 on Windows denial of service
[176667] McAfee Data Loss Prevention on Windows ePO Administrator Extension cross site scripting
[176519] Microsoft Malware Protection Engine unknown vulnerability
[176516] Microsoft Malware Protection Engine denial of service
[176504] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176503] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure
[176502] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176501] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176489] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176488] Microsoft Outlook 2013 RT SP1/2013 SP1/2016/2019 unknown vulnerability
[176487] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176481] Microsoft Office 2013 RT SP1/2013 SP1/2016/2019 Graphics unknown vulnerability
[176480] Microsoft Office 2013 RT SP1/2013 SP1/2016/2019 Graphics unknown vulnerability
[176479] Microsoft Office Excel unknown vulnerability
[176478] Microsoft Visual Studio Code Kubernetes Tools unknown vulnerability
[176475] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[176350] Cisco WebEx Player on Windows/macOS WRF File memory corruption
[176349] Cisco WebEx Player on Windows/macOS WRF File memory corruption
[176060] Backdoor.Win32.NerTe.772 Service Port 21 C:\WINDOWS\scanregs.exe improper authentication
[176058] Backdoor.Win32.NerTe.772 Service Port 21 C:\WINDOWS\scanregs.exe backdoor
[176028] Citrix Workspace App on Windows access control
[175481] PuTTY up to 0.74 on Windows Title denial of service
[174872] Microsoft Visual Studio up to 2019 Version 16.9 unknown vulnerability
[174869] Microsoft Dynamics 365 for Finance and Operations unknown vulnerability
[174860] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure
[174859] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[174858] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure
[174857] Microsoft Office/Excel information disclosure
[174856] Microsoft Office/Excel unknown vulnerability
[174855] Microsoft Office unknown vulnerability
[174854] Microsoft Office/Excel 365 Apps for Enterprise up to Online Server unknown vulnerability
[174853] Microsoft Office/Excel information disclosure
[174852] Microsoft Office/Excel unknown vulnerability
[174851] Microsoft Office/Word Graphics unknown vulnerability
[174850] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[174838] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability
[174837] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability
[174836] Microsoft .NET/Visual Studio unknown vulnerability
[174834] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability
[174832] Microsoft Exchange Server 2013 CU23/2016 CU16/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability
[174831] Microsoft Visual Studio Code unknown vulnerability
[174830] Microsoft Visual Studio Code Remote Containers Extension unknown vulnerability
[174829] Microsoft Visual Studio Code unknown vulnerability
[174828] Microsoft Lync Server/Skype for Business Server 2013 CU10/2015 CU11 unknown vulnerability
[174827] Microsoft Lync/Skype for Business Server 2013 CU10/2015 CU11/2019 CU5 unknown vulnerability
[174825] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[174823] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[174822] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability
[174820] Microsoft Accessibility Insights for Web information disclosure
[174540] Dell EMC Integrated System for Microsoft Azure Stack Hub up to 2011 hard-coded credentials
[174247] Aviatrix VPN Client up to 2.14.13 on Windows unquoted search path
[174028] Apple macOS up to 11.2.3 Windows Server permission
[173303] NVIDIA Windows GPU Display Driver R390 on Windows Installer unknown vulnerability
[173302] NVIDIA Windows GPU Display Driver on Windows Kernel Driver nvlddmkm.sys null pointer dereference
[173301] NVIDIA Windows GPU Display Driver on Windows Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape unknown vulnerability
[173271] NVIDIA GPU Display Driver R450/R460 on Windows/Linux Reference denial of service
[173251] NVIDIA GPU Display Driver on Windows/Linux Kernel Mode Layer nvlddmkm.sys unknown vulnerability
[173176] HEUR.Backdoor.Win32.Generic Service Port 1080 C:\WINDOWS\1314.exe backdoor
[172951] Microsoft Azure DevOps Server/Team Foundation Server information disclosure
[172871] Microsoft Kubernetes Tools on Visual Studio unknown vulnerability
[172870] Microsoft Office 365 Apps for Enterprise up to 2019 Excel unknown vulnerability
[172869] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Update denial of service
[172868] Microsoft Office Excel unknown vulnerability
[172867] Microsoft Outlook memory corruption
[172866] Microsoft Word/Office/SharePoint unknown vulnerability
[172865] Microsoft Office Excel unknown vulnerability
[172863] Microsoft Visual Studio Code unknown vulnerability
[172861] Microsoft Azure DevOps Server 2020.0.1 unknown vulnerability
[172859] Microsoft Visual Studio Code unknown vulnerability
[172858] Microsoft GitHub Pull Requests and Issues Extension on Visual Studio unknown vulnerability
[172857] Microsoft Visual Studio Code Remote Development Extension unknown vulnerability
[172856] Microsoft Maven for Java Extension on Visual Studio unknown vulnerability
[172855] Microsoft Visual Studio Code unknown vulnerability
[172854] Microsoft Visual Studio Code unknown vulnerability
[172853] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability
[172852] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability
[172851] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability
[172850] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability
[172844] Microsoft Visual Studio Code unknown vulnerability
[172739] Zoom Chat up to 2021-04-09 on Windows/macOS unknown vulnerability
[172680] Dolby Audio X2 API on Windows unknown vulnerability
[172627] Cisco Advanced Malware Protection/Immunet on Windows DLL Loader uncontrolled search path
[172514] MongoDB Compass up to 1.2.x/1.24.x on Windows privileges management
[171498] PostgreSQL 11.0/11.1/11.2 Windows Installer access control
[171497] PostgreSQL 11.0/11.1/11.2 Windows Installer access control
[171261] SSH Tectia Client up to 6.4.18 on Windows ConnectSecure privileges management
[171260] SSH Tectia Client up to 6.4.18 on Windows ConnectSecure privileges management
[171259] SSH Tectia Client up to 6.4.18 on Windows ConnectSecure entropy
[170987] Microsoft Visual Studio Code unknown vulnerability
[170986] Microsoft Visual Studio Code Java Extension Pack unknown vulnerability
[170985] Microsoft Visual Studio Code ESLint Extension unknown vulnerability
[170982] Microsoft Visual Studio Code Remote Containers Extension unknown vulnerability
[170974] Microsoft SharePoint Server/Office Web Apps 2010 SP2/2013 SP1/2016/2019 unknown vulnerability
[170973] Microsoft SharePoint Server/Office Web Apps 2016/2019 information disclosure
[170972] Microsoft Office 365 Apps for Enterprise up to 2019 PowerPoint unknown vulnerability
[170971] Microsoft Power BI Report Server 15.0.1103.234/15.0.1104.300 information disclosure
[170970] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 unknown vulnerability
[170969] Microsoft Office 365 Apps for Enterprise up to Web Apps 2013 SP1 unknown vulnerability
[170968] Microsoft Office 365 Apps for Enterprise up to 2019 unknown vulnerability
[170959] Microsoft Office Excel unknown vulnerability
[170958] Microsoft Office Excel unknown vulnerability
[170945] Microsoft Visual Studio 2017 Version 15.9/2019 Version 16.9 Git link following
[170910] Microsoft Azure Spring Cloud information disclosure
[170596] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170595] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170594] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170593] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170592] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170591] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170590] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[170102] Cisco AnyConnect Secure Mobility Client on Windows Interprocess Communication uncontrolled search path
[169953] Nagios XI 5.7.5 HTTP Request windowswmi.inc.php os command injection
[169911] F5 BIG-IP APM Client Troubleshooting Utility up to 7.1.8.4/7.1.9.7/7.2.1.0 on Windows Edge Client untrusted search path
[169508] Microsoft Visual Studio Code npm-script Extension unknown vulnerability
[169507] Microsoft Visual Studio up to 2017 15.9/2019 16.8 unknown vulnerability
[169504] Microsoft Lync Server/Skype for Business Server denial of service
[169503] Microsoft Lync Server/Skype for Business Server unknown vulnerability
[169496] Microsoft Teams on iOS information disclosure
[169495] Microsoft SharePoint 2013 SP1/2016/2019 unknown vulnerability
[169494] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 unknown vulnerability
[169493] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 unknown vulnerability
[169492] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 information disclosure
[169491] Microsoft Office unknown vulnerability
[169490] Microsoft Office unknown vulnerability
[169489] Microsoft Office unknown vulnerability
[169488] Microsoft Office unknown vulnerability
[169486] Microsoft Exchange Server 2016 CU18/2019 CU7 unknown vulnerability
[169485] Microsoft Exchange Server 2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability
[169481] Microsoft Azure Kubernetes Service unknown vulnerability
[169478] Microsoft .NET Framework 4.6 up to 4.8 denial of service
[169477] Microsoft .NET Core/Visual Studio denial of service
[169178] SolarWinds Serv-U up to 15.2.1 on Windows Home Directory permission
[169027] Cloudflare WARP on Windows unquoted search path
[168806] Apple iCloud up to 11.5 on Windows ImageIO out-of-bounds read
[168805] Apple iCloud up to 11.5 on Windows ImageIO out-of-bounds read
[168804] Apple iCloud up to 11.5 on Windows ImageIO out-of-bounds read
[168803] Apple iCloud up to 11.5 on Windows ImageIO out-of-bounds write
[168758] Google Go up to 1.14.13/1.15.6 on Windows Fetch Module command injection
[168122] Backdoor.Win32.Whisper.b Service Port 113 C:\Windows\rundll32.exe stack-based overflow
[167993] Apache Tomcat up to 7.0.106/8.5.59/9.0.39/10.0.0-M9 on Windows NTFS File System File.getCanonicalPath information disclosure
[167778] SAP NetWeaver Master Data Management 7.10/710/750 on Windows information disclosure
[167666] Microsoft Visual Studio 2017 Version 15.9/2019 Version 16.8 cross site scripting
[167653] Microsoft Word unknown vulnerability
[167652] Microsoft Word out-of-bounds write
[167650] Microsoft SharePoint Server 2013 SP1/2016/2019 input validation
[167649] Microsoft SharePoint Server 2013 SP1/2016/2019 input validation
[167648] Microsoft SharePoint Foundation 2010 SP2 unknown vulnerability
[167647] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 unknown vulnerability
[167646] Microsoft SharePoint Server 2016/2019 privileges management
[167645] Microsoft SharePoint Server 2013 SP/2016/2019 privileges management
[167644] Microsoft SQL Server 2012 SP4/2014 SP3/2016 SP2/2017 CU22/2019 CU8 sql injection
[167643] Microsoft Office 365 Apps for Enterprise up to 2019 unknown vulnerability
[167642] Microsoft Excel unknown vulnerability
[167641] Microsoft Excel memory corruption
[167627] Microsoft ASP.NET Core/Visual Studio denial of service
[167473] Backdoor.Win32.Ketch.b HTTP GET Request c:\Windows\watchb.tmp buffer overflow
[167427] Backdoor.Win32.NinjaSpy.c HTTP PUT C:\WINDOWS\cmd.dll buffer overflow
[167318] Veritas NetBackup/OpsCenter up to 8.3.0.1 on Windows OpenSSL Library permission
[167312] Veritas NetBackup/OpsCenter up to 8.3.0.1 on Windows permission
[167311] Veritas CloudPoint on Windows Windows Agent openssl.cnf permission
[161959] Apple iCloud up to 11.3 on Windows WebKit Universal cross site scripting
[161744] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161743] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161742] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[161297] PostgreSQL up to 12 on Windows Installer privilege escalation
[160966] Microsoft SQL Server 2017/2019 Reporting Services privilege escalation
[160964] Microsoft Visual Studio Code JSON privilege escalation
[160953] Microsoft Visual Studio memory corruption
[160952] Microsoft Office 2016/2019 on macOS information disclosure
[160945] Microsoft Excel up to 2019 memory corruption
[160941] Microsoft SharePoint Server 2013 SP1 cross site scripting
[160938] Microsoft SharePoint Server 2019 Profile Data privilege escalation
[160937] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
[160933] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[160931] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Profile Data privilege escalation
[160929] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[160928] Microsoft Office Word privilege escalation
[160927] Microsoft Excel up to 2019 memory corruption
[160926] Microsoft Office up to 2019 Excel memory corruption
[160919] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
[160918] Microsoft SharePoint Server Excel information disclosure
[160917] Microsoft Office Word privilege escalation
[160916] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
[160915] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
[160914] Microsoft Office up to 2019 Excel memory corruption
[160859] Microsoft Visual Studio privilege escalation
[160857] Microsoft Dynamics 365 for Finance/Operations 10.0.11 privilege escalation
[160856] Microsoft SharePoint Server 2013 SP1/2016/2019 API information disclosure
[160854] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure
[160852] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 ASP.Net Web Control privilege escalation
[160851] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure
[160850] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure
[160846] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure
[160845] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure
[160590] Trend Micro OfficeScan XG SP1 on Windows privilege escalation
[160103] Cisco Webex Meetings Desktop App on Windows directory traversal
[159979] Microsoft Dynamics 365 for Finance/Operations 10.0.11 privilege escalation
[159890] Apple iCloud up to 11.2 on Windows WebKit Page Loading weak authentication
[159889] Apple iCloud up to 11.2 on Windows WebKit privilege escalation
[159888] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159887] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159886] Apple iCloud up to 11.2 on Windows WebKit Universal cross site scripting
[159885] Apple iCloud up to 11.2 on Windows WebKit CSP privilege escalation
[159884] Apple iCloud up to 11.2 on Windows WebKit memory corruption
[159883] Apple iCloud up to 11.2 on Windows ImageIO Integer Coercion Error
[159882] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159881] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159880] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159879] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159878] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159877] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159876] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159875] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159874] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159873] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159872] Apple iCloud up to 11.2 on Windows ImageIO memory corruption
[159870] Apple iCloud up to 7.19 on Windows WebKit Page Loading weak authentication
[159869] Apple iCloud up to 7.19 on Windows WebKit privilege escalation
[159868] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159867] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159866] Apple iCloud up to 7.19 on Windows WebKit Universal cross site scripting
[159865] Apple iCloud up to 7.19 on Windows WebKit CSP privilege escalation
[159864] Apple iCloud up to 7.19 on Windows WebKit memory corruption
[159863] Apple iCloud up to 7.19 on Windows ImageIO Integer Coercion Error
[159862] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159861] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159860] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159859] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159858] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159857] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159856] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159855] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159854] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159853] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159852] Apple iCloud up to 7.19 on Windows ImageIO memory corruption
[159613] Microsoft SQL Server Management Studio 18.6 privilege escalation
[159611] Microsoft SharePoint Enterprise Server/SharePoint Server privilege escalation
[159609] Microsoft SharePoint Foundation cross site scripting
[159607] Microsoft Visual Studio Code Environment Variable privilege escalation
[159606] Microsoft Excel up to 2019 memory corruption
[159602] Microsoft SharePoint Foundation privilege escalation
[159599] Microsoft Excel up to 2019 information disclosure
[159598] Microsoft Office 365 Apps for Enterprise/2013 C2R/2019 privilege escalation
[159596] Microsoft Excel 2010 SP2 memory corruption
[159586] Microsoft SharePoint Foundation privilege escalation
[159578] Microsoft Outlook up to 2019 information disclosure
[159577] Microsoft Word 365 Apps for Enterprise/2019 information disclosure
[159576] Microsoft Excel memory corruption
[159575] Microsoft SharePoint Foundation information disclosure
[159569] Microsoft Word up to 2019 information disclosure
[159565] Microsoft SharePoint Foundation Office cross site scripting
[159549] Microsoft Word up to 2019 information disclosure
[159547] Microsoft Excel up to 2019 memory corruption
[159544] Microsoft Excel up to 2019 memory corruption
[159538] Microsoft Office memory corruption
[159533] Microsoft Access memory corruption
[159514] Microsoft .NET Framework up to 4.8 Cache File privilege escalation
[159510] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4.7.2/4.8 privilege escalation
[159498] Microsoft Office/Outlook/365 Apps for Enterprise memory corruption
[159000] Citrix Workspace App 1912 CU1/2006.1 on Windows Automatic Updater Service privilege escalation
[157967] Microsoft Visual Studio Code ESLint Extension privilege escalation
[157965] Microsoft Lync/Skype for Business Server/SharePoint OAuth Token privilege escalation
[157912] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 cross site scripting
[157911] Microsoft SharePoint 2013 SP1/2016/2019 Email Parser privilege escalation
[157910] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 cross site scripting
[157909] Microsoft SharePoint 2013 SP1/2016/2019 privilege escalation
[157908] Microsoft Office/SharePoint information disclosure
[157907] Microsoft SharePoint 2016/2019 cross site scripting
[157906] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Office cross site scripting
[157905] Microsoft Office/SharePoint Word memory corruption
[157904] Microsoft Office/SharePoint Word memory corruption
[157903] Microsoft Office/Project Markup File Origin Validation Error
[157902] Microsoft Office Online Server/Office Web Apps cross site scripting
[157899] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 PerformancePoint Services privilege escalation
[157898] Microsoft Outlook up to 2019 memory corruption
[157897] Microsoft Office/SharePoint Word memory corruption
[157896] Microsoft Office/SharePoint information disclosure
[157877] Microsoft Azure DevOps Server 2019 Update 1/2019 Update 1.1/2019.0.1 cross site scripting
[156389] Microsoft Visual Studio Code Live Share Extension information disclosure
[156338] Microsoft SharePoint Foundation cross site scripting
[156337] Microsoft SharePoint Foundation cross site scripting
[156336] Microsoft SharePoint Foundation privilege escalation
[156335] Microsoft SharePoint Foundation cross site scripting
[156334] Microsoft SharePoint Foundation Redirect
[156333] Microsoft SharePoint Foundation cross site scripting
[156332] Microsoft SharePoint Foundation privilege escalation
[156331] Microsoft SharePoint Foundation cross site scripting
[156330] Microsoft SharePoint Foundation cross site scripting
[156329] Microsoft SharePoint Foundation cross site scripting
[156328] Microsoft SharePoint Foundation ASP.Net Web Control privilege escalation
[156327] Microsoft SharePoint Foundation 2010 SP2 cross site scripting
[156326] Microsoft Project information disclosure
[156325] Microsoft Office memory corruption
[156324] Microsoft Office up to 2019 for Mac Outlook information disclosure
[156323] Microsoft Excel up to 2019 for Mac memory corruption
[156322] Microsoft Excel up to 2019 for Mac memory corruption
[156299] Microsoft Azure DevOps Server 2019 Update 1/2019 Update 1.1 privilege escalation
[156298] Microsoft Bing Search on Android weak authentication
[156297] Microsoft Word on Android privilege escalation
[155805] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155804] Apple iCloud up to 7.18/11.1 on Windows WebKit cross site scripting
[155803] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155802] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155801] Apple iCloud up to 7.18/11.1 on Windows WebKit memory corruption
[155800] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155799] Apple iCloud up to 7.18/11.1 on Windows WebKit Universal cross site scripting
[155798] Apple iCloud up to 7.18/11.1 on Windows WebKit privilege escalation
[155796] Apple iCloud up to 7.18/11.1 on Windows ImageIO information disclosure
[155795] Apple iCloud up to 7.18/11.1 on Windows ImageIO memory corruption
[155794] Apple iCloud up to 7.18/11.1 on Windows ImageIO memory corruption
[155164] Microsoft Power BI Report Server privilege escalation
[155163] Microsoft Visual Studio Code Python Extension privilege escalation
[155159] Microsoft Visual Studio/ASP.NET Core privilege escalation
[155125] Microsoft .NET Core/.NET Framework denial of service
[155124] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155123] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155122] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[155121] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155120] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155119] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[155118] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
[155098] Microsoft .NET Framework 3.0 SP2/3.5.1 privilege escalation
[155083] Microsoft Excel memory corruption
[155082] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 information disclosure
[155081] Microsoft Visual Studio Code Python Extension privilege escalation
[155070] Microsoft SharePoint Enterprise Server 2016/2019 Source Markup privilege escalation
[155069] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 ASP.Net Web Control memory corruption
[155068] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 Source Markup privilege escalation
[155067] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 Source Markup privilege escalation
[155040] F5 BIG-IP Edge Client 7.1.5/7.1.6/7.1.7/7.1.8/7.1.9 on Windows ActiveX Component memory corruption
[154622] Handy Groupware 1.7.3.1 on Windows ActiveX Control HShell.dll ShellExec privilege escalation
[154327] HPE Onboard Administrator 4.95 on Linux/Windows Reflected cross site scripting
[154022] Aviatrix OpenVPN Client up to 2.5.7 on Linux/macOS/Windows OpenSSL Parameter privilege escalation
[153744] Intel PROSet/Wireless WiFi up to 21.69 on Windows 10 Kernel Mode Driver memory corruption
[153285] Microsoft Research JavaScript Cryptography Library 1.4 ECC Incorrect Calculation
[153271] Microsoft Forefront Endpoint Protection MpSigStub.exe privilege escalation
[153262] Microsoft Office 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[153254] Microsoft Office/SharePoint/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
[153253] Microsoft Office 365 ProPlus Excel memory corruption
[153252] Microsoft SharePoint Enterprise Server cross site scripting
[153251] Microsoft SharePoint Enterprise Server privilege escalation
[153250] Microsoft privilege escalation
[153249] Microsoft SharePoint Enterprise Server privilege escalation
[153248] Microsoft SharePoint Enterprise Server cross site scripting
[153247] Microsoft SharePoint Enterprise Server privilege escalation
[153246] Microsoft SharePoint Enterprise Server Application Package privilege escalation
[153242] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
[153238] Microsoft SharePoint Enterprise Server cross site scripting
[153222] Microsoft SharePoint Enterprise Server cross site scripting
[153221] Microsoft SharePoint Enterprise Server cross site scripting
[153220] Microsoft SharePoint Enterprise Server cross site scripting
[153219] Microsoft SharePoint Enterprise Server cross site scripting
[153218] Microsoft SharePoint Enterprise Server cross site scripting
[153217] Microsoft SharePoint Enterprise Server cross site scripting
[153216] Microsoft SharePoint Enterprise Server Source Markup privilege escalation
[153211] Microsoft Office/Excel/Office 365 memory corruption
[153210] Microsoft Visual Studio up to 2019 Version 16.5 Extension Installer Service privilege escalation
[153209] Microsoft Visual Studio 2017 15.9/2019 16.0/2019 16.4/2019 16.5 Updater Service privilege escalation
[153194] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 privilege escalation
[153192] Microsoft SharePoint Enterprise Server/SharePoint Server Application Package privilege escalation
[153186] Microsoft SharePoint Enterprise Server/SharePoint Server cross site scripting
[153179] Microsoft SharePoint Enterprise Server Application Package privilege escalation
[153178] Microsoft SharePoint Enterprise Server Application Package privilege escalation
[153177] Microsoft SharePoint Enterprise Server Application Package privilege escalation
[152629] Apple iCloud up to 7.17 on Windows WebKit Page Loading Incorrect Control Flow
[152628] Apple iCloud up to 7.17 on Windows WebKit cross site scripting
[152627] Apple iCloud up to 7.17 on Windows WebKit denial of service
[152626] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152625] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152624] Apple iCloud up to 7.17 on Windows WebKit race condition
[152623] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152622] Apple iCloud up to 7.17 on Windows WebKit memory corruption
[152621] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152620] Apple iCloud up to 7.17 on Windows WebKit privilege escalation
[152619] Apple iCloud up to 7.17 on Windows libxml2 memory corruption
[152618] Apple iCloud up to 7.17 on Windows libxml2 memory corruption
[152617] Apple iCloud up to 7.17 on Windows libxml2 memory corruption
[152616] Apple iCloud up to 10.9.2 on Windows WebKit Page Loading Incorrect Control Flow
[152615] Apple iCloud up to 10.9.2 on Windows WebKit cross site scripting
[152614] Apple iCloud up to 10.9.2 on Windows WebKit denial of service
[152613] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152612] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152611] Apple iCloud up to 10.9.2 on Windows WebKit race condition
[152610] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152609] Apple iCloud up to 10.9.2 on Windows WebKit memory corruption
[152608] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152607] Apple iCloud up to 10.9.2 on Windows WebKit privilege escalation
[152606] Apple iCloud up to 10.9.2 on Windows libxml2 memory corruption
[152605] Apple iCloud up to 10.9.2 on Windows libxml2 memory corruption
[152604] Apple iCloud up to 10.9.2 on Windows libxml2 memory corruption
[152283] Serendipity up to 2.3.3 on Windows privilege escalation
[151931] signotec signoPAD-API-Web up to 3.1.0 on Windows WebSocket privilege escalation
[151173] Microsoft Exchange Server 2016 CU14/2016 CU15/2019 CU3/2019 CU4 cross site scripting
[151168] Microsoft SharePoint Enterprise Server cross site scripting
[151167] Microsoft SharePoint Enterprise Server cross site scripting
[151166] Microsoft Office 365 ProPlus/2010 SP2/2013 SP1/2016/2019 Word memory corruption
[151165] Microsoft SharePoint Enterprise Server cross site scripting
[151162] Microsoft Visual Studio up to 2017 Version 15.9/2019 version 16.4 weak encryption
[151130] Microsoft Azure DevOps Server 2019 Update 1.1 Pipeline Job Token privilege escalation
[151117] Microsoft Business Productivity Servers cross site scripting
[151114] Microsoft Visual Studio up to 2019 Version 16.4 Extension Installer Service privilege escalation
[151093] Microsoft Azure DevOps Server/Team Foundation Server Pipeline Job Token privilege escalation
[151092] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[151090] Microsoft IIS privilege escalation
[151089] Microsoft Office 365 ProPlus/2019 for Mac Word memory corruption
[151088] Microsoft Office 2016 for Mac/2019/Online Server Word memory corruption
[151087] Microsoft Office 365 ProPlus/2016 for Mac Word memory corruption
[151086] Microsoft Office 365 ProPlus/2013 RT SP1/2013 SP1/2016/2019 Word memory corruption
[150860] Cisco WebEx Network Recording Player/Webex Player on Windows privilege escalation
[150859] Cisco WebEx Network Recording Player/Webex Player on Windows privilege escalation
[150766] Apple iCloud on Windows CoreCrypto denial of service
[150765] Apple iCloud on Windows CoreCrypto denial of service
[150715] PHP up to 7.3.14/7.4.2 on Windows PHAR File information disclosure
[150694] Apple iCloud up to 10.9.1 on Windows WebKit Page Loading memory corruption
[150692] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150691] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150690] Apple iCloud up to 10.9.1 on Windows WebKit memory corruption
[150689] Apple iCloud up to 10.9.1 on Windows WebKit Universal cross site scripting
[150688] Apple iCloud up to 10.9.1 on Windows libxml2 privilege escalation
[150687] Apple iCloud up to 10.9.1 on Windows ImageIO information disclosure
[150614] Apple iCloud up to 7.16 on Windows WebKit Page Loading DOM-Based memory corruption
[150613] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150612] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150611] Apple iCloud up to 7.16 on Windows WebKit memory corruption
[150610] Apple iCloud up to 7.16 on Windows WebKit Universal cross site scripting
[150609] Apple iCloud up to 7.16 on Windows libxml2 privilege escalation
[150608] Apple iCloud up to 7.16 on Windows ImageIO information disclosure
[150052] IBM Cloud CLI up to 0.16.1 Windows Installer weak authentication
[149969] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[149968] Microsoft Office up to 2019 Excel memory corruption
[149918] Microsoft Office 365 ProPlus OLicenseHeartbeat privilege escalation
[149917] Microsoft Office up to 2019 Security Feature privilege escalation
[149916] Microsoft Office Online Server privilege escalation
[149915] Microsoft SharePoint Enterprise Server 2013 P1/2016/2019 cross site scripting
[149914] Microsoft Exchange Server 2013 CU23/2016 CU14/2016 CU15/2019 CU3/2019 CU4 Exchange Web Services privilege escalation
[149507] CPython up to 3.8.1 on Windows 7 Dependency Load api-ms-win-core-path-l1-1-0.dll privilege escalation
[149361] Cisco Webex Teams Client on Windows denial of service
[149313] Microsoft Outlook on Android Email privilege escalation
[148624] Microsoft .NET Framework up to 4.8 privilege escalation
[148623] Microsoft .NET Core/.NET Framework Source Markup File privilege escalation
[148622] Microsoft .NET Core/.NET Framework Source Markup File privilege escalation
[148619] Microsoft Office 365 ProPlus Excel memory corruption
[148618] Microsoft Office up to 2019 for Mac memory corruption
[148617] Microsoft Excel up to 2019 for Mac memory corruption
[148616] Microsoft Excel up to 2019 for Mac memory corruption
[148615] Microsoft Office Online Server privilege escalation
[148306] cURL up to 7.67.x on Windows File privilege escalation
[147595] PHP up to 7.3.12 on Windows Header mail memory corruption
[147591] PHP up to 7.2.25/7.3.12 on Windows Filename link memory corruption
[147443] Apple iCloud 7.13/10.6 on Windows memory corruption
[147439] Apple iCloud 7.13/10.6 on Windows Text File information disclosure
[147436] Apple iCloud 7.13/10.6 on Windows memory corruption
[147434] Apple iCloud 7.13/10.6 on Windows memory corruption
[147432] Apple iCloud 7.13/10.6 on Windows memory corruption
[147430] Apple iCloud 7.13/10.6 on Windows State Management Universal cross site scripting
[147427] Apple iCloud 7.13/10.6 on Windows memory corruption
[147425] Apple iClouds 7.13/10.6 on Windows State Management Universal cross site scripting
[147033] Microsoft Visual Studio Git privilege escalation
[147032] Microsoft Visual Studio Git privilege escalation
[147031] Microsoft Visual Studio Git privilege escalation
[147030] Microsoft Visual Studio Git privilege escalation
[147029] Microsoft Visual Studio Git privilege escalation
[147028] Microsoft Visual Studio Git privilege escalation
[146927] Microsoft Skype for Business Server 2019 CU2 privilege escalation
[146922] Microsoft Authentication Library up to 0.3.1-Alpha on Android information disclosure
[146920] Microsoft Visual Studio 2019 Redirect
[146866] Microsoft Office up to 2019 Excel information disclosure
[146865] Microsoft Office up to 2019 Access information disclosure
[146864] Microsoft Office up to 2019 PowerPoint privilege escalation
[146863] Microsoft Office up to 2019 Word privilege escalation
[146861] Microsoft Office up to 2019 Access information disclosure
[146860] Microsoft Power BI Report Server cross site scripting
[146853] Lenovo Energy Management Driver up to 15.11 on Windows 10 privilege escalation
[146803] Microsoft Visual Studio 2008 Express XML External Entity
[146800] Microsoft Excel XML Import XML External Entity
[146332] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[146331] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[145418] Microsoft Office 2016/2019 on Mac Excel privilege escalation
[145401] Microsoft Office 365 ProPlus/2019 ClickToRun Security Feature privilege escalation
[145400] Microsoft Office up to 2019 Excel memory corruption
[145399] Microsoft Office Online Server privilege escalation
[145398] Microsoft Office up to 2019 Excel information disclosure
[145397] Microsoft Office Online Server privilege escalation
[145396] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Upload privilege escalation
[145395] Microsoft SharePoint Server 2019 Security Feature privilege escalation
[145385] Microsoft Visual Studio 2017 15.9/2019 16.0/2019 16.3 Archive privilege escalation
[145368] Microsoft Office up to 2019 information disclosure
[145347] Microsoft Azure Stack User Portal weak authentication
[145343] Microsoft Exchange Server 2013 CU23/2016 CU13/2016 CU14/2019 CU2/2019 CU3 Metadata privilege escalation
[144649] Apple iCloud up to 10.7 on Windows WebKit Process Model memory corruption
[144648] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144647] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144646] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144645] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144644] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144643] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144642] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144641] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144640] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144639] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144638] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144637] Apple iCloud up to 10.7 on Windows WebKit memory corruption
[144636] Apple iCloud up to 10.7 on Windows WebKit Universal cross site scripting
[144635] Apple iCloud up to 10.7 on Windows libxslt memory corruption
[144633] Apple iCloud up to 7.14 on Windows WebKit Process Model memory corruption
[144632] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144631] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144630] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144629] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144628] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144627] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144626] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144625] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144624] Apple iCloud up to 7.14 on Windows WebKit memory corruption
[144412] PostgreSQL up to 9.4.23/9.5.18/9.6.14/10.9/11.4 on Windows Installer privilege escalation
[143123] Microsoft SQL Server Management Studio 18.3.1 Permission privilege escalation
[143095] Microsoft Excel up to 2019 for Mac memory corruption
[143094] Microsoft SharePoint Foundation Impersonation privilege escalation
[143093] Microsoft cross site scripting
[143092] Microsoft cross site scripting
[143091] Microsoft Excel up to 2019 for Mac memory corruption
[143078] Microsoft SQL Server Management Studio 18.3/18.3.1 Permission privilege escalation
[143074] Microsoft cross site scripting
[143070] Microsoft Azure App Service Sandbox memory corruption
[141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
[141638] Microsoft Team Foundation Server/Azure DevOps Server cross site scripting
[141633] Microsoft Excel up to 2019 memory corruption
[141613] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 Outlook Web App privilege escalation
[141612] Microsoft Yammer on Android Security Feature Policy privilege escalation
[141611] Microsoft Office up to 2019 Security Feature privilege escalation
[141610] Microsoft Excel up to 2019 information disclosure
[141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
[141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
[141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 memory corruption
[141583] Microsoft Lync Server 2013 Conference information disclosure
[141582] Microsoft .NET Framework up to 4.8 Common Language Runtime privilege escalation
[141576] Microsoft Team Foundation Server/Azure DevOps Server privilege escalation
[141566] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 API privilege escalation
[141565] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 API privilege escalation
[141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup privilege escalation
[141382] LibreOffice up to 6.2.6/6.3.2 on Windows LibreLogo privilege escalation
[141274] Cisco Webex Teams Client on Windows privilege escalation
[141188] MongoDB up to 3.4.21/3.6.13/4.0.10 on Windows OpenSSL privilege escalation
[140144] Tenable Nessus up to 8.5.2 on Windows privilege escalation
[140066] Microsoft NuGet/ADAL.NET Azure Active Directory privilege escalation
[139961] Microsoft Outlook on iOS Email privilege escalation
[139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
[139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
[139929] Microsoft Forefront Endpoint Protection MpSigStub.exe privilege escalation
[139904] Microsoft Word 365 ProPlus/2016/2019 memory corruption
[139903] Microsoft Office 365 ProPlus/2010 SP2/2013 SP1/2016/2019 privilege escalation
[139902] Microsoft Word up to 2019 memory corruption
[139901] Microsoft Outlook up to 2019 memory corruption
[139877] Microsoft Outlook up to 2019 memory corruption
[139664] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139663] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139662] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139661] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139660] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139659] Cisco WebEx Network Recording Player/Webex Player on Windows ARF File memory corruption
[139587] NVIDIA Windows GPU Display Driver DirectX Driver memory corruption
[139586] NVIDIA Windows GPU Display Driver DirectX Driver memory corruption
[138937] Microsoft Outlook on Android Message Parser privilege escalation
[138718] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal cross site scripting
[138717] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138716] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138715] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138714] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138713] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138712] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138711] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138710] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138709] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138708] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138707] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138706] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138705] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138704] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138703] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138702] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138701] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138700] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138699] Apple iCloud up to 7.12/10.5 on Windows WebKit memory corruption
[138698] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal cross site scripting
[138697] Apple iCloud up to 7.12/10.5 on Windows WebKit Universal information disclosure
[138696] Apple iCloud up to 7.12/10.5 on Windows libxslt privilege escalation
[137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
[137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
[137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
[137572] Microsoft Excel 365 ProPlus/2019 information disclosure
[137571] Microsoft Excel 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[137570] Microsoft Excel 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[137569] Microsoft Office 365 ProPlus/2013 RT SP1/2013 SP1/2016/2019 JavaScript privilege escalation
[137551] Microsoft Exchange Server Display Name Invisible information disclosure
[137550] Microsoft .NET Framework up to 4.8 Common Object Runtime Library Data Processing Error
[137548] Microsoft Visual Studio XML Data information disclosure
[137547] Microsoft Visual Studio File Permission privilege escalation
[137546] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
[137536] Microsoft Azure Automation privilege escalation
[137526] Microsoft Azure DevOps Server/Team Foundation Server File privilege escalation
[137522] Microsoft .NET Framework up to 4.8 WCF/WIF SAML Token Impersonation weak authentication
[137521] Microsoft .NET Framework up to 4.8 Source Markup privilege escalation
[136414] Microsoft Azure DevOps Server 2019 cross site request forgery
[136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[136332] Microsoft Office 365 ProPlus/2016/2019 Word memory corruption
[136331] Microsoft Office 365 ProPlus/2010 SP2/2013 SP1/2016/2019 Word memory corruption
[136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[136329] Microsoft SharePoint Server 2016/2019 cross site scripting
[136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[136327] Microsoft Lync Server 2010/2013 privilege escalation
[136294] Microsoft IIS Request Filter Data Processing Error
[135806] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135805] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135804] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135803] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135802] Apple iCloud up to 7.11 on Windows WebKit information disclosure
[135801] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135800] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135799] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135798] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135797] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135796] Apple iCloud up to 7.11 on Windows WebKit privilege escalation
[135795] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135794] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135793] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135792] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135791] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135790] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135789] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135788] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135787] Apple iCloud up to 7.11 on Windows WebKit memory corruption
[135786] Apple iCloud up to 7.11 on Windows WebKit information disclosure
[135785] Apple iCloud up to 7.11 on Windows SQLite memory corruption
[135784] Apple iCloud up to 7.11 on Windows SQLite privilege escalation
[135783] Apple iCloud up to 7.11 on Windows SQLite sql injection
[135782] Apple iCloud up to 7.11 on Windows SQLite privilege escalation
[135307] Citrix Workspace App on Windows Access Control privilege escalation
[134754] Microsoft Azure DevOps Server/Team Foundation Server information disclosure
[134753] Microsoft Dynamics 365/Dynamics CRM Attachment 7PK Security Features
[134752] Microsoft Azure Active Directory Connect 1.3.20.0 PowerShell privilege escalation
[134749] Microsoft .NET Framework/.NET Core Data Processing Error
[134748] Microsoft .NET Framework/.NET Core Data Processing Error
[134747] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[134743] Microsoft SharePoint Server 2013 SP1/2016 privilege escalation
[134742] Microsoft SharePoint Enterprise Server 2016/2019 privilege escalation
[134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
[134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 7PK Security Features
[134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 privilege escalation
[134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[134736] Microsoft Office 2010 SP2 Access Connectivity Engine Data Processing Error
[134735] Microsoft Office up to 2019 Access Connectivity Engine Data Processing Error
[134734] Microsoft Office up to 2019 Access Connectivity Engine Data Processing Error
[134730] Microsoft Skype 8.35 on Android Bluetooth Listening information disclosure
[134708] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[134707] Microsoft .NET Framework up to 4.8 memory corruption
[134705] Microsoft .NET Framework/.NET Core Regex privilege escalation
[134704] Microsoft SQL Server 2017 Analysis Services information disclosure
[134697] Microsoft Office/Word 365 ProPlus/2016/2019 memory corruption
[134672] Facebook WhatsApp Messenger on Android/iOS/Windows Phone/Tizen VoIP Stack memory corruption
[134594] Google Go up to 1.12.5 on Windows Process privilege escalation
[133645] Oracle Java SE 8u202 Windows DLL privilege escalation
[133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE privilege escalation
[133235] Microsoft Azure DevOps Server 2019 privilege escalation
[133232] Microsoft Azure DevOps Server 2019 cross site scripting
[133231] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[133230] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[133229] Microsoft Azure DevOps Server 2019 privilege escalation
[133228] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[133227] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[133226] Microsoft Azure DevOps Server/Team Foundation Server cross site scripting
[133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
[133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
[133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[133204] Microsoft Office/Excel up to 2019 memory corruption
[133203] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133202] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133201] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133200] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133199] Microsoft Office 2010 SP2 Access Connectivity Engine privilege escalation
[133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access Data Processing Error
[133184] Microsoft Office 365 ProPlus/2016 for Mac/2019 Graphics Component memory corruption
[133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Data Processing Error
[133142] Microsoft Azure Linux Guest Agent Swap File information disclosure
[132958] Apple iCloud up to 7.6 on Windows memory corruption
[132948] Apple iCloud up to 7.6 on Windows denial of service
[132943] Apple iCloud up to 7.6 on Windows memory corruption
[132939] Apple iCloud up to 7.6 on Windows memory corruption
[132934] Apple iCloud up to 7.6 on Windows memory corruption
[132928] Apple iCloud up to 7.6 on Windows memory corruption
[132923] Apple iCloud up to 7.6 on Windows URL cross site scripting
[132902] Apple iCloud up to 7.6 on Windows memory corruption
[132898] Apple iCloud up to 7.6 on Windows memory corruption
[132892] Apple iCloud up to 7.6 on Windows IFRAME 7PK Security Features
[132888] Apple iCloud up to 7.6 on Windows Memory Management Routine memory corruption
[132884] Apple iCloud up to 7.6 on Windows Memory Management Routine memory corruption
[132880] Apple iCloud up to 7.6 on Windows State Management memory corruption
[132876] Apple iCloud up to 7.6 on Windows memory corruption
[132872] Apple iCloud up to 7.6 on Windows memory corruption
[132866] Apple iCloud up to 7.6 on Windows memory corruption
[132862] Apple iCloud up to 7.6 on Windows information disclosure
[132858] Apple iCloud up to 7.6 on Windows URL cross site scripting
[132853] Apple iCloud up to 7.6 on Windows memory corruption
[132847] Apple iCloud up to 7.6 on Windows memory corruption
[132842] Apple iCloud up to 7.6 on Windows memory corruption
[132838] Apple iCloud up to 7.6 on Windows memory corruption
[132833] Apple iCloud up to 7.3 on Windows memory corruption
[132416] Apple iCloud up to 7.10 on Windows WebKit Universal cross site scripting
[132415] Apple iCloud up to 7.10 on Windows WebKit Memory privilege escalation
[132414] Apple iCloud up to 7.10 on Windows WebKit privilege escalation
[132413] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132412] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132411] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132410] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132409] Apple iCloud up to 7.10 on Windows WebKit information disclosure
[132408] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132407] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132406] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132405] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132404] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132403] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132402] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132401] Apple iCloud up to 7.10 on Windows WebKit memory corruption
[132400] Apple iCloud up to 7.10 on Windows WebKit privilege escalation
[132398] Apple iCloud up to 7.10 on Windows CoreCrypto memory corruption
[131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
[131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
[131682] Microsoft Lync Server/Skype for Business privilege escalation
[131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
[131662] Microsoft Visual Studio on Mac Package Manager privilege escalation
[131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
[131529] Google Go up to 1.12 on Windows DLL Loader LoadLibrary privilege escalation
[131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[131332] Microsoft Java SDK for Azure IoT Log information disclosure
[131331] Microsoft Java SDK for Azure IoT Key Generation weak encryption
[131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
[131329] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[130951] FeiFeiCms 4.0.181010 on Windows index.php directory traversal
[130832] Microsoft 2013 SP1 privilege escalation
[130829] Microsoft Visual Studio Code privilege escalation
[130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
[130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
[130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130823] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130822] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[130815] Microsoft .NET Framework up to 4.7.2 URL privilege escalation
[130795] Microsoft .NET Framework up to 4.7.2 Source Markup memory corruption
[130785] Microsoft Office 365 ProPlus/2010 SP2/2013 SP1/2016/2019 Security Feature Phishing 7PK Security Features
[130777] Microsoft SharePoint Server Application Package privilege escalation
[130351] idreamsoft iCMS 7.0.13 on Windows editor.admincp.php directory traversal
[130220] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130219] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130218] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130217] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130216] Cisco WebEx Network Recording Player/Webex Player on Windows memory corruption
[130097] Apple iCloud up to 7.9 on Windows WebKit Universal cross site scripting
[130096] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130095] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130094] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130093] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130092] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130091] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130090] Apple iCloud up to 7.9 on Windows WebKit memory corruption
[130089] Apple iCloud up to 7.9 on Windows WebKit privilege escalation
[130088] Apple iCloud up to 7.9 on Windows SQLite memory corruption
[130087] Apple iCloud up to 7.9 on Windows SQLite sql injection
[130086] Apple iCloud up to 7.9 on Windows SQLite memory corruption
[129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
[129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[129845] Microsoft Skype for Business 2015 CU 8 privilege escalation
[129835] GE Voluson S8 Windows Operating System Patches privilege escalation
[129133] Apple iCloud up to 7.3 on Windows privilege escalation
[129128] Apple iCloud up to 7.3 on Windows Reachable Assertion
[129119] Apple iCloud up to 7.3 on Windows privilege escalation
[129114] Apple iCloud up to 7.3 on Windows privilege escalation
[129109] Apple iCloud up to 7.3 on Windows privilege escalation
[129104] Apple iCloud up to 7.4 on Windows information disclosure
[129048] Apple iCloud up to 7.2 on Windows memory corruption
[128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct memory corruption
[128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
[128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
[128762] Microsoft Office 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 Word privilege escalation
[128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[128745] Microsoft Office up to 2019 Word Macro information disclosure
[128744] Microsoft Office 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[128743] Microsoft Office 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
[128734] Microsoft .NET Framework up to 4.7.2 CORS Filter information disclosure
[128732] Microsoft Office 365 ProPlus/2010 SP2/2013 SP1/2016/2019 MSHTML Engine privilege escalation
[128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
[128605] WhatsApp Messenger up to 2.18 on Android/iOS/Windows Phone RTP Packet memory corruption
[128112] Advantech WebAccess SCADA 8.3.2 on Windows 2008 privilege escalation
[127991] IBM DB2 11.1 on Linux/Unix/Windows privilege escalation
[127925] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[127883] Microsoft Azure Pack Rollup 13.1 cross site scripting
[127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
[127824] Microsoft Excel up to 2019 information disclosure
[127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data Data Processing Error
[127817] Microsoft Excel up to 2019 information disclosure
[127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search information disclosure
[127813] Microsoft .NET Framework up to 4.7.2 privilege escalation
[127809] Microsoft PowerPoint 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[127806] Microsoft Outlook up to 2019 memory corruption
[127805] Microsoft Excel up to 2019 memory corruption
[127804] Microsoft Excel up to 2019 memory corruption
[127800] Microsoft .NET Framework up to 4.7.2 privilege escalation
[127634] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127633] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127632] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127631] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127630] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127629] Apple iCloud up to 7.8.1 on Windows WebKit memory corruption
[127628] Apple iCloud up to 7.8.1 on Windows Safari privilege escalation
[127627] Apple iCloud up to 7.8.1 on Windows Safari Address privilege escalation
[127609] Apple macOS up to 10.14.1 WindowServer memory corruption
[127608] Apple macOS up to 10.14.1 WindowServer memory corruption
[127436] HPE Intelligent Management Center up to 7.2 on Windows dbman.exe memory corruption
[127047] PHP up to 7.1.24 on Windows com_safearray_proxy ext/standard/var.c denial of service
[126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 privilege escalation
[126794] Microsoft Team Foundation Server cross site scripting
[126793] Microsoft Azure App Service on Azure Stack cross site scripting
[126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji privilege escalation
[126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
[126748] Microsoft Office 365 ProPlus/2019 Outlook Message information disclosure
[126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
[126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
[126744] Microsoft Office up to 2019 Word memory corruption
[126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[126734] Microsoft Office 365 ProPlus/2019 information disclosure
[126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
[126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 privilege escalation
[126716] Microsoft Office up to 2019 Excel memory corruption
[126715] Microsoft Office 365 ProPlus/2016/2019 Excel memory corruption
[126620] PrestaShop up to 1.6.1.22/1.7.4.3 on Windows privilege escalation
[126258] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126257] Apple iCloud up to 7.7 on Windows WebKit denial of service
[126256] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126255] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126254] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126253] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126252] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126251] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126250] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126249] Apple iCloud up to 7.7 on Windows WebKit memory corruption
[126248] Apple iCloud up to 7.7 on Windows Safari Reader Universal cross site scripting
[126247] Apple iCloud up to 7.7 on Windows Safari Reader Universal cross site scripting
[126246] Apple iCloud up to 7.7 on Windows CoreCrypto Prime Number privilege escalation
[125565] Oracle MySQL Server up to 8.0.12 Windows privilege escalation
[125129] Microsoft SQL Server Management Studio 17.9/18.0 Preview 4 XML Content XML External Entity
[125127] Microsoft SQL Server Management Studio 17.9/18.0 Preview 4 XMLA File XML External Entity
[125126] Microsoft MQTT Object memory corruption
[125124] Microsoft SQL Server Management Studio 17.9/18.0 Preview 4 XEL File XML External Entity
[125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
[125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[125104] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View Data Processing Error
[125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View Data Processing Error
[125099] Microsoft Office/Excel up to 2019 Protected View Data Processing Error
[125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access privilege escalation
[124933] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124924] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124923] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124922] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124921] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124920] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124919] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124918] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124917] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124916] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124915] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124914] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124913] Cisco WebEx Network Recording Player on Windows ARF File memory corruption
[124912] Cisco WebEx Network Recording Player on Windows ARF File memory corruption
[124911] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124910] Cisco WebEx Network Recording Player on Windows ARF File privilege escalation
[124402] BigTree CMS 4.2.23 on Windows Rewrite Routing launch.php weak authentication
[124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx privilege escalation
[124064] Tor Browser up to 7.x on Windows Anonymity information disclosure
[123995] Microsoft Lync 2011 on Mac Security Feature privilege escalation
[123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[123846] Microsoft Office 2016 on Win/Mac memory corruption
[123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File privilege escalation
[123840] Microsoft .NET Framework up to 4.7.2 privilege escalation
[123459] Docker up to 18.06.0ce-rc1 on Windows HandleRequestAsync privilege escalation
[122887] Microsoft Office 2016 on Mac AutoUpdate privilege escalation
[122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
[122871] Microsoft PowerPoint 2010 SP2 memory corruption
[122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[122868] Microsoft .NET Framework up to 4.7.2 information disclosure
[122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
[122824] Microsoft Exchange Server Mail memory corruption
[122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
[122714] PHP up to 5.6.36/7.0.30/7.1.19/7.2.7 on Windows link_win32.c linkinfo information disclosure
[121932] Cisco WebEx Teams on Windows/macOS privilege escalation
[121757] Oracle Java SE 7u181/8u172 Windows DLL privilege escalation
[121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
[121121] Microsoft .NET Framework up to 4.7.2 Security Feature weak authentication
[121120] Microsoft Active Directory Federation Services Web Customizations cross site scripting
[121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121117] Microsoft Research JavaScript Cryptography Library Security Feature Incorrect Calculation
[121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
[121113] Microsoft Lync/Skype for Business privilege escalation
[121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121100] Microsoft .NET Framework up to 4.7.2 privilege escalation
[121098] Microsoft Office 2016/2016 C2R memory corruption
[121095] Microsoft .NET Framework 4.7.2 privilege escalation
[121094] Microsoft Lync/Skype for Business Security Feature 7PK Security Features
[121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
[120986] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120985] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120984] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120983] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120982] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120981] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120980] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120979] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120978] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120977] Apple iCloud up to 7.5 on Windows WebKit race condition
[120976] Apple iCloud up to 7.5 on Windows WebKit 7PK Security Features
[120975] Apple iCloud up to 7.5 on Windows WebKit privilege escalation
[120974] Apple iCloud up to 7.5 on Windows WebKit memory corruption
[120973] Apple iCloud up to 7.5 on Windows CFNetwork privilege escalation
[119805] ruby-ffi up to 1.9.23 on Windows DLL Loader privilege escalation
[119568] Puppet PE Client Tools up to 16.4.5/17.3.5/18.1.1 on Windows Configuration File privilege escalation
[119481] Microsoft SharePoint Enterprise Server cross site scripting
[119480] Microsoft cross site scripting
[119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Data Processing Error
[119478] Microsoft Office Web Apps Server/Office Online Server privilege escalation
[119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
[118889] windows-latestchromedriver on Node.js Download chromedriver.exe weak encryption
[118884] windows-seleniumjar on Node.js Download weak encryption
[118882] windows-iedriver 2.48.0 on Node.js Download iedriverserver.exe weak encryption
[118880] windows-selenium-chromedriver on Node.js Download weak encryption
[118868] windows-seleniumjar-mirror on Node.js Download weak encryption
[118749] Apple iCloud up to 7.4 on Windows WebKit information disclosure
[118748] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118747] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118746] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118745] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118744] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118743] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118742] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118741] Apple iCloud up to 7.4 on Windows WebKit privilege escalation
[118740] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118739] Apple iCloud up to 7.4 on Windows WebKit memory corruption
[118738] Apple iCloud up to 7.4 on Windows WebKit race condition
[118737] Apple iCloud up to 7.4 on Windows WebKit Data Processing Error
[118673] Apple macOS up to 10.13.5 Windows Server memory corruption
[118238] McAfee Data Loss Prevention/DLP Endpoint on Windows privilege escalation
[118120] Microsoft Office 2016 on Mac XML Data privilege escalation
[117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 cross site scripting
[117560] Microsoft Exchange Server up to 2016 CU9 memory corruption
[117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[117504] Microsoft Office 2010 SP2 information disclosure
[117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
[117498] Microsoft Office 2016 C2R Security Feature 7PK Security Features
[117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
[117488] Microsoft Azure IoT SDK AMQP weak authentication
[117479] Microsoft .NET Framework up to 4.7.1 XML Data XML External Entity
[117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[116274] 7-zip up to 18.01 on Windows Access Restriction LsaAddAccountRights privilege escalation
[116133] Microsoft Visual Studio information disclosure
[116132] Microsoft Office 2016 Memory information disclosure
[116051] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 privilege escalation
[116049] Microsoft SharePoint Enterprise Server 2013/2016 Redirect
[116046] Microsoft SharePoint Enterprise Server 2013/2016 Share privilege escalation
[116023] Microsoft Office up to 2016 C2R information disclosure
[116022] Microsoft Excel 2010 SP2 memory corruption
[116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R Data Processing Error
[116017] Microsoft Excel up to 2016 C2R memory corruption
[116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics privilege escalation
[116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R Data Processing Error
[116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[115616] Apple iCloud up to 7.1 on Windows CFNetwork Session memory corruption
[115608] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115602] Apple iCloud up to 7.1 on Windows WebKit Redirect
[115585] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115580] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[115550] Apple iCloud up to 6.1 on Windows WebKit information disclosure
[115488] Apple iCloud up to 7.3 on Windows WebKit information disclosure
[115487] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115486] Apple iCloud up to 7.3 on Windows WebKit privilege escalation
[115485] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115484] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115483] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115482] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115481] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115480] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115479] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115478] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115477] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115476] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115475] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115474] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115473] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115472] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115471] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115470] Apple iCloud up to 7.3 on Windows WebKit memory corruption
[115469] Apple iCloud up to 7.3 on Windows Security memory corruption
[115445] Apple macOS up to 10.13.4 WindowServer Keylogger 7PK Security Features
[115072] Philips IntelliSpace Portal 7.0.x/8.0.x Windows Permission privilege escalation
[114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
[114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114573] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
[114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake information disclosure
[114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
[114562] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114561] Microsoft Office/SharePoint information disclosure
[114560] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114559] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114558] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114557] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114556] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114555] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114554] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114553] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114552] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114551] Microsoft Excel up to 2016 C2R Security Feature 7PK Security Features
[114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
[113330] HPE System Management Homepage up to 7.6.0 on Windows/Linux privilege escalation
[113329] HPE System Management Homepage up to 7.6.0 on Windows/Linux privilege escalation
[113328] HPE System Management Homepage up to 7.6.0 on Windows/Linux memory corruption
[113327] HPE System Management Homepage up to 7.6.0 on Windows/Linux denial of service
[113326] HPE System Management Homepage up to 7.6.0 on Windows/Linux cross site scripting
[113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
[113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[113232] Microsoft Excel 2016 privilege escalation
[113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[113124] LibreOffice up to 6.0.1 COM.MICROSOFT.WEBSERVICE File privilege escalation
[112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111912] IBM DB2 up to 9.7/10.1 FP5/10.5 FP7 on AIX/Linux/HP/Solaris/Windows Subquery OLAP privilege escalation
[111580] Microsoft Office 2016 on Mac Email Attachment privilege escalation
[111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
[111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111569] Microsoft Office RTF memory corruption
[111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
[111567] Microsoft Office 2010/2013/2016 memory corruption
[111566] Microsoft Word 2007/2010/2013/2016 memory corruption
[111565] Microsoft Word 2007/2010/2013 Email Message privilege escalation
[111564] Microsoft Word 2016 memory corruption
[111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
[111562] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111561] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111557] Microsoft .NET Framework up to 5.7 XML Data Processing Error
[111128] Apple iCloud up to 7.1 on Windows WebKit memory corruption
[110670] vBulletin up to 5.3.x on Windows directory traversal
[110553] Microsoft Office 2016 C2R information disclosure
[110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
[110551] Microsoft Excel 2016 C2R memory corruption
[110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
[110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
[109519] npm KyleRoss windows-cpu on Node.js privilege escalation
[109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
[109389] Microsoft Excel 2016 Click-to-Run memory corruption
[109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
[109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro 7PK Security Features
[109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
[109358] Microsoft .NET Framework 1.0/1.1/2.0 weak authentication
[109273] Savitech Driver Package on Windows weak authentication
[108287] Ikarus Anti Virus 2.16.7 on Windows guardxup.exe privilege escalation
[107742] Microsoft Lync/Skype for Business Authentication privilege escalation
[107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
[107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[107698] Microsoft Office 2016 memory corruption
[106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method privilege escalation
[106545] Microsoft .NET Framework up to 4.7 privilege escalation
[106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106529] Microsoft PowerPoint 2016 memory corruption
[106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106474] Microsoft Office 2016 memory corruption
[106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
[106470] Microsoft Excel 2011 on Mac memory corruption
[106455] Microsoft Exchange Server 2013/2016 information disclosure
[105723] Atlassian FishEye/Crucible up to 4.4.0 on Windows MultiPathResource directory traversal
[105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
[105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
[104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
[104583] Microsoft Outlook up to 2016 C2R Email privilege escalation
[104582] Microsoft Outlook up to 2016 C2R Object information disclosure
[104285] Apple iCloud up to 6.2.1 on Windows WebKit Web Inspector memory corruption
[104284] Apple iCloud up to 6.2.1 on Windows WebKit Page Loading memory corruption
[104282] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104281] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104280] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104279] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104278] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104277] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104276] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104275] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104274] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104273] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104272] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104271] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104270] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104269] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104268] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104267] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104266] Apple iCloud up to 6.2.1 on Windows WebKit memory corruption
[104265] Apple iCloud up to 6.2.1 on Windows libxml2 information disclosure
[104264] Apple iCloud up to 6.2.1 on Windows libxml2 information disclosure
[103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Redirect
[103443] Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 privilege escalation
[103434] Microsoft Office Object Data Processing Error
[103433] Microsoft SharePoint privilege escalation
[103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA cross site scripting
[103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA cross site scripting
[103422] Microsoft Office Object memory corruption
[103421] Microsoft Office Object memory corruption
[103403] Microsoft Office Object memory corruption
[103214] SWFTools 2013-04-09-1007 on Windows png2swf memory corruption
[103213] SWFTools 2013-04-09-1007 on Windows png2swf memory corruption
[103212] SWFTools 2013-04-09-1007 on Windows png2swf memory corruption
[103211] SWFTools 2013-04-09-1007 on Windows png2swf memory corruption
[103145] SWFTools 2013-04-09-1007 on Windows font2swf Access Violation memory corruption
[102938] Microsoft Azure AD Connect Password Writeback privilege escalation
[102821] Microsoft Skype up to 7.2/7.35/7.36 RDP Clipboard MSFTEDIT.DLL memory corruption
[102814] NetKVM Windows Virtio Driver IP Packet privilege escalation
[102783] Microsoft Malware Protection Engine up to 1.1.13804.0 on 32-bit mpengine.dll privilege escalation
[102463] Microsoft Project Server 2013 SP1 cross site scripting
[102462] Microsoft Skype for Business/Lync Server HTML privilege escalation
[102460] Microsoft Outlook 2016 on Mac HTML privilege escalation
[102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
[102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 memory corruption
[102446] Microsoft Office up to 2016 Data Processing Error
[102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 Data Processing Error
[102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Data Processing Error
[102443] Microsoft Office up to 2016 Data Processing Error
[102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 7PK Security Features
[102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
[102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
[101949] BigTree CMS up to 4.2.18 on Windows file-browser.php directory traversal
[101614] IBM Informix Open Admin Tool 11.5/11.7/12.1 on Windows privilege escalation
[101356] Apple iCloud up to 6.2.0 on Windows WebKit memory corruption
[101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[101019] Microsoft Skype for Business 2016 Data Processing Error
[101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 Data Processing Error
[101017] Microsoft Office 2007 SP3/2010 SP2/2016 Data Processing Error
[101016] Microsoft PowerPoint 2011 on Mac memory corruption
[101015] Microsoft PowerPoint 2011 on Mac memory corruption
[101014] Microsoft Office 2010 SP2/2016 Data Processing Error
[101013] Microsoft Office 2010 SP2/2016 privilege escalation
[101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
[101003] Microsoft .NET Framework up to 4.7 Certificate Validation 7PK Security Features
[100801] BMC Server Automation up to 8.6 SP1 Patch 1/8.7 Patch 2 on Windows RSCD Agent privilege escalation
[99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
[99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
[99682] Microsoft Outlook 2011 on Mac HTML Tag Validator privilege escalation
[99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
[99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message memory corruption
[99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex privilege escalation
[98548] ntp up to 4.2.8p9 on Windows Data Structure memory corruption
[98476] Microsoft Skype 7.16.0.102 DLL Loader Skype.exe privilege escalation
[98097] Microsoft IIS 7.0/7.5/8.0/8.5/10 /uncpath/ cross site scripting
[98096] Microsoft Exchange 2013 SP1 cross site scripting
[98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
[98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
[98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 information disclosure
[98092] Microsoft SharePoint Server 2007 SP3 memory corruption
[98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
[98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
[98089] Microsoft Office Web Apps 2013 SP1 memory corruption
[98088] Microsoft SharePoint Server 2007 SP3 memory corruption
[98087] Microsoft Office 2007 SP3/2010 SP2 information disclosure
[98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[98085] Microsoft Excel 2007 SP3 memory corruption
[98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
[98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
[98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[98081] Microsoft Excel up to 2016 information disclosure
[98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[98079] Microsoft Word 2016 memory corruption
[98078] Microsoft Word/Excel 2007 SP3 memory corruption
[98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component memory corruption
[98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
[98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
[98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component privilege escalation
[98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component memory corruption
[98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
[98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
[97894] Cerberus FTP Server 8.0.10.1 on Windows Header privilege escalation
[96363] MyBB/MyBB Merge System up to 1.8.7 on Windows ACP Backup information disclosure
[96360] MyBB/MyBB Merge System up to 1.8.7 on Windows Style Import File privilege escalation
[95957] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95956] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95955] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95954] Apple iCloud up to 6.1.0 on Windows WebKit memory corruption
[95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
[95339] GStreamer up to 1.10.1 windows_icon_typefind information disclosure
[95334] ntpd up to 4.2.8p8 on Windows UDP Packet denial of service
[95125] Microsoft Word/SharePoint Enterprise Server 2016 Document memory corruption
[94460] Microsoft .NET Framework up to <=2.0 weak encryption
[94452] Microsoft Office on Mac privilege escalation
[94451] Microsoft Office 2011 memory corruption
[94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
[94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
[94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
[94447] Microsoft Office 2010 SP2 memory corruption
[94446] Microsoft Office 2016 memory corruption
[94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
[94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader Data Processing Error
[94443] Microsoft Office up to 2016 information disclosure
[94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[94439] Microsoft Office 2007 SP3/2011 information disclosure
[94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[94341] Apple iCloud up to 6.0 on Windows Windows Security Memory information disclosure
[94340] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94339] Apple iCloud up to 6.0 on Windows WebKit information disclosure
[94338] Apple iCloud up to 6.0 on Windows WebKit information disclosure
[94337] Apple iCloud up to 6.0 on Windows WebKit Javascript unknown vulnerability
[94336] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94335] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94334] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94333] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94332] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94331] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94330] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94329] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94328] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94327] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94326] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94325] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94324] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94323] Apple iCloud up to 6.0 on Windows WebKit State information disclosure
[94322] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94321] Apple iCloud up to 6.0 on Windows WebKit State memory corruption
[94320] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94319] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[94318] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[93543] Microsoft SQL Server 2016 FILESTREAM Path information disclosure
[93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[93541] Microsoft Office 2007 SP3 privilege escalation
[93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
[93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
[93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
[93537] Microsoft Office 2007/2010 SP2/2011 information disclosure
[93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
[93415] Microsoft SQL Server 2016 MDS API cross site scripting
[93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
[93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
[93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
[93396] Microsoft Office 2007/2010/2011 memory corruption
[93395] Microsoft Office 2007/2010/2011 memory corruption
[93394] Microsoft Office 2007/2010 memory corruption
[93393] Microsoft Office up to 2016 memory corruption
[93392] Microsoft Office up to 2016 memory corruption
[93391] Microsoft Office up to 2016 memory corruption
[93147] Apple iCloud up to 6.0 on Windows WebKit memory corruption
[93146] Apple iCloud up to 6.0 on Windows WebKit User information disclosure
[92584] Microsoft Office up to 2016 memory corruption
[92249] Microsoft Azure Active Directory Passport up to 1.4.5/2.0.0 weak authentication
[91703] Symantec Mail Security for Microsoft Exchange up to 6.5.8/7.0.4/7.5.4 RAR Decompression memory corruption
[91702] Symantec Mail Security for Microsoft Exchange up to 6.5.8/7.0.4/7.5.4 RAR Decompression information disclosure
[91614] VMware Workstation/Player on Windows JPEG2000 Image memory corruption
[91613] VMware Workstation/Player on Windows TrueType Font memory corruption
[91612] VMware Workstation/Player on Windows Cortado ThinPrint tpview.dll memory corruption
[91611] VMware Workstation/Player on Windows Cortado ThinPrint memory corruption
[91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
[91555] Microsoft Exchange 2013/2016 Link privilege escalation
[91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
[91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91552] Microsoft Office 2007/2010/2013/2013 RT/2016 privilege escalation
[91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91550] Microsoft Office 2016 memory corruption
[91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91547] Microsoft Office 2010 memory corruption
[91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
[91545] Microsoft Office 2007/2010 memory corruption
[91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91543] Microsoft Office up to 2016 memory corruption
[91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
[91541] Microsoft Office 2013/2016 APP-V 7PK Security Features
[90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
[90705] Microsoft Office 2007/2010/2011 memory corruption
[90704] Microsoft Office 2013/2013 RT/2016 memory corruption
[90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[90249] Microsoft Exchange Outlook Web Access privilege escalation
[90169] Microsoft IIS PUT Request privilege escalation
[89653] Microsoft IIS /cgi-bin/ Directory information disclosure
[89597] Microsoft IIS 5.0 Download.Ject Trojan privilege escalation
[89581] Microsoft ISA Server information disclosure
[89568] Microsoft IIS ASP.NET information disclosure
[89524] Microsoft ISA Server SSL Packet denial of service
[89487] Microsoft Exchange information disclosure
[89349] Microsoft IIS Passive FTP Connection information disclosure
[89298] Microsoft SQL Server Version information disclosure
[89286] Microsoft MSN Messenger IP Address information disclosure
[89220] Microsoft IIS on WinNT4 IDC File Path information disclosure
[89195] KpyM Windows Telnet Server privilege escalation
[89179] Jordan Windows Telnet 1.0/1.2 memory corruption
[89043] Microsoft Office up to 2016 memory corruption
[89042] Microsoft Word Viewer memory corruption
[89041] Microsoft Office up to 2016 memory corruption
[89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
[89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
[89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature 7PK Security Features
[89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[88885] Microsoft Office 2000 SP1 Service Pack 2 privilege escalation
[88829] Symantec Norton Antivirus on Windows Client IDS Driver memory corruption
[88828] Symantec Endpoint Protection on Windows Client IDS Driver memory corruption
[88761] Microsoft IIS privilege escalation
[88654] Microsoft IIS 4.0 Remote Administration Script privilege escalation
[88653] Microsoft Exchange 5.0/5.5 IMAP Service weak authentication
[88616] Microsoft IIS privilege escalation
[88583] Microsoft IIS 2.0/2.5 URLScan information disclosure
[88289] Microsoft IIS Sample Files information disclosure
[88260] Microsoft IIS bdir.htr information disclosure
[88256] Microsoft SQL Server weak authentication
[88254] Microsoft IIS 5.0 IDC File cross site scripting
[88247] Microsoft IIS 5.0 Sample Application Form_JScript.asp cross site scripting
[88243] Microsoft IIS /scripts/repost.asp File privilege escalation
[88241] Microsoft IIS 5.0 Sample Application /iissamples Path information disclosure
[88143] Microsoft Outlook S/MIME EmailAddress weak authentication
[87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
[87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
[87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
[87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
[87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL privilege escalation
[87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
[87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
[87936] Microsoft Office up to 2016 privilege escalation
[87626] VMware vCenter Server up to 5.1/5.5/6.0 on Windows cross site scripting
[87541] VMware Workstation/Player on Windows privilege escalation
[87168] Microsoft .NET Framework up to 4.6.1 TLS/SSL information disclosure
[87149] Microsoft Office up to 2016 memory corruption
[87148] Microsoft Office 2010 Graphics privilege escalation
[87147] Microsoft Office 2007/2010 memory corruption
[87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
[84364] Microsoft PowerPoint 2000/2002/2003 mso.dll memory corruption
[84255] Microsoft Office privilege escalation
[83849] Microsoft Office privilege escalation
[82354] Microsoft IIS WebDAV denial of service
[82229] Microsoft Excel 2010 SP2 Office Document memory corruption
[82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
[82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
[82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
[81890] Microsoft IIS advsearch.asp denial of service
[81889] Microsoft IIS query.asp denial of service
[81888] Microsoft IIS search.asp denial of service
[81769] Microsoft IIS 4.0/5.0 cmd.exe privilege escalation
[81731] Microsoft IIS ASP.NET Path information disclosure
[81558] Red Hat WildFly up to 10.0.0 on Windows Blacklist Filter File information disclosure
[81274] Microsoft Office up to 2016 memory corruption
[81273] Microsoft Office 2007/2010/2013/2016 privilege escalation
[81272] Microsoft Office 2007/2010/2013 memory corruption
[80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[80870] Microsoft Office up to 2016 memory corruption
[80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[80868] Microsoft Office up to 2016 memory corruption
[80867] Microsoft Office up to 2016 memory corruption
[80826] Oracle Java SE 6u111/7u95/8u71/8u72 on Windows Install privilege escalation
[80733] cURL up to 7.46.x on Windows privilege escalation
[80231] Microsoft Excel up to 2016 Office Document memory corruption
[80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
[80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
[80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80218] Microsoft Office up to 2016 ASLR information disclosure
[80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
[80216] Microsoft Office up to 2016 Office Document memory corruption
[80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
[79863] Samba up to 4.3.2 Windows Active Directory Server privilege escalation
[79745] Microsoft Office Font File memory corruption
[79744] Microsoft Office Font File memory corruption
[79743] Microsoft Office Font File memory corruption
[79742] Microsoft Skype Font File memory corruption
[79741] Microsoft Skype Font File memory corruption
[79740] Microsoft Skype Font File memory corruption
[79739] Microsoft .NET Framework up to 4.6 Font File memory corruption
[79505] Microsoft Office 2007 memory corruption
[79504] Microsoft Office 2007/2010/2013/2016 privilege escalation
[79503] Microsoft Office 2007/2010/2013 memory corruption
[79502] Microsoft Office 2007/2010/2011 memory corruption
[79501] Microsoft Office 2007/2010 memory corruption
[79500] Microsoft Office 2010/2011/2016 memory corruption
[79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
[79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
[79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
[79186] Microsoft Lync/Skype for Business cross site scripting
[79181] Microsoft .NET Framework up to 4.6 ASLR information disclosure
[79180] Microsoft .NET Framework up to 4.6 cross site scripting
[79179] Microsoft .NET Framework up to 4.6 information disclosure
[79177] Microsoft Office/SharePoint memory corruption
[79176] Microsoft Office/SharePoint memory corruption
[79175] Microsoft Office/SharePoint memory corruption
[79117] Microsoft Outlook 2011/2016 on Mac HTML cross site scripting
[78706] ownCloud Server up to 7.0.5/8.0.3 on Windows routing directory traversal
[78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
[78374] Microsoft SharePoint Server/Office Web Apps cross site scripting
[78373] Microsoft Excel/SharePoint Server fileVersion memory corruption
[78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services information disclosure
[78370] Microsoft Excel/SharePoint Server Object calculatedColumnFormula memory corruption
[77710] PHP up to 5.6.12 on Windows CLI Server memory corruption
[77702] Corel WordPerfect Microsoft Word Document Conversion memory corruption
[77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image privilege escalation
[77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77641] Microsoft Lync Server/Skype for Business Server cross site scripting
[77638] Microsoft Lync Server 2013 cross site scripting
[77637] Microsoft Lync Server/Skype for Business Server cross site scripting
[77632] Microsoft .NET Framework up to 4.6 MVC Code
[77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
[77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
[77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
[77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
[77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access information disclosure
[77611] Microsoft .NET Framework up to 4.6 Array Copy memory corruption
[77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
[77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font privilege escalation
[77053] Microsoft .NET Framework 4.6 RyuJIT Optimization privilege escalation
[77052] Microsoft .NET Framework 4.6 RyuJIT Optimization privilege escalation
[77051] Microsoft .NET Framework 4.6 RyuJIT Optimization privilege escalation
[77050] Microsoft Office up to 2016 memory corruption
[77049] Microsoft Office up to Word Viewer Numeric Error
[77048] Microsoft Office up to Word Viewer memory corruption
[77047] Microsoft Office up to Word Viewer memory corruption
[77046] Microsoft Office up to Word Viewer memory corruption
[77045] Microsoft Office up to Word Viewer privilege escalation
[77044] Microsoft Office up to Word Viewer Command Line Parameter information disclosure
[77043] Microsoft Office up to Word Viewer memory corruption
[76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
[76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
[76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
[76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
[76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
[76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
[76462] Microsoft Excel/SharePoint Server ASLR information disclosure
[76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function privilege escalation
[76439] Microsoft SQL Server 2008/2008 R2/2012/2014 privilege escalation
[76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
[76399] VMware Workstation/Player/Horizon View Client on Windows Discretionary Access Control List privilege escalation
[75793] Microsoft Exchange Server 2013 CU8 cross site scripting
[75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
[75791] Microsoft Office 2013 SP1 Office Document Data Processing Error
[75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
[75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document Data Processing Error
[75785] Microsoft Office Compatibility Pack SP3 Office Document Data Processing Error
[75707] Cisco Unified MeetingPlace for Microsoft Outlook 8.6(1.2)/ 8.6(1.9) cross site scripting
[75685] Skype on Windows/Android/iOS IM denial of service
[75399] Trend Micro ScanMail for Microsoft Exchange up to 10.2/11.0 Session ID Generator weak encryption
[75340] Microsoft .NET Framework up to 4.5.2 WinForms privilege escalation
[75339] Microsoft .NET Framework up to 4.5.2 XML weak encryption
[75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
[75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
[75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
[74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
[74846] Microsoft Word/Word Viewer/Office Compatibility Pack Document memory corruption
[74845] Microsoft Office 2007/2010/2013 Document memory corruption
[74844] Microsoft Office 2007/2010 Document memory corruption
[74843] Microsoft .NET Framework up to 4.5.2 ASP.NET Data Processing Error
[74837] Microsoft Office 2007/2010/2011/2013 RTF Document denial of service
[74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
[74835] Microsoft Office 2011 on Mac cross site scripting
[74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
[74016] Microsoft .NET Framework 4.03 PML File memory corruption
[73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
[73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
[73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
[73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
[73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
[73967] Microsoft Office up to 2013 SP1 Office File Data Processing Error
[73966] Microsoft Office up to 2013 SP1 RTF File denial of service
[73965] Microsoft Office up to 2013 SP1 memory corruption
[73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
[73200] Microsoft Exchange Server cross site scripting
[73199] Microsoft Exchange Server cross site scripting
[71337] Microsoft Office 2000/2004/XP privilege escalation
[71152] clearhub Windows Live Hotmail PUSH mail 1.00.97 X.509 Certificate weak encryption
[70617] Microsoft Outlook.com Certificates weak encryption
[69467] Microsoft IIS 4.0/5.0/5.06/5.1 privilege escalation
[69158] Microsoft Office 2007/2010/2013 memory corruption
[69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream denial of service
[69156] Microsoft Office 2010 Object denial of service
[69155] Microsoft Excel -/2007/2010/2013 Object denial of service
[62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet denial of service
[62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
[61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
[60711] Microsoft .NET Framework 4.0 denial of service
[60205] Microsoft .NET Framework 2.0 SP2/3.5.1 privilege escalation
[59908] Microsoft Anti-cross Site Scripting Library 3.1 cross site scripting
[58992] Microsoft .NET Framework 1.0 SP3/1.1 SP1/2.0 SP2/3.5.1/4 privilege escalation
[58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
[58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet privilege escalation
[58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
[58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
[58488] Microsoft Office 2007/2010 privilege escalation
[58487] Microsoft SharePoint Foundation 2010 cross site scripting
[58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
[58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
[58239] Microsoft Visual Studio cross site scripting
[57691] Microsoft SQL Server 2008 Web Service information disclosure
[57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
[57689] Microsoft Excel 2002 Spreadsheet memory corruption
[57688] Microsoft Excel 2002 Spreadsheet memory corruption
[57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
[57686] Microsoft Excel 2002 Spreadsheet memory corruption
[57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
[57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
[57420] Microsoft PowerPoint 2002/2003 memory corruption
[57410] Microsoft .NET Framework 3.5 SP1/3.5.1/4.0 Access Restriction privilege escalation
[57278] Wireshark 1.4.0/1.4.1/1.4.2/1.4.3/1.4.4 on Windows NFS Dissector Numeric Error
[57079] Microsoft PowerPoint 2002/2003/2007/2010 privilege escalation
[57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
[57077] Microsoft Excel 2002 memory corruption
[57076] Microsoft Excel 2002/2003 memory corruption
[57075] Microsoft Excel 2002/2003 memory corruption
[57074] Microsoft Excel 2002 memory corruption
[57073] Microsoft Excel 2002/2003/2007/2010 Numeric Error
[57072] Microsoft Excel -/2002/2003/2007/2010 Numeric Error
[56475] Microsoft Office 2004/2008 privilege escalation
[56474] Microsoft Office Compatibility Pack Spreadsheet privilege escalation
[56473] Microsoft Office Compatibility Pack memory corruption
[55770] Microsoft Office Xp memory corruption
[55769] Microsoft Office Xp memory corruption
[55768] Microsoft Office Xp memory corruption
[55767] Microsoft Office Xp memory corruption
[55766] Microsoft Office Xp memory corruption
[55765] Microsoft Office 2003/Xp Numeric Error
[55764] Microsoft Office 2003/Xp memory corruption
[55420] Microsoft Office 2007/2010 memory corruption
[55419] Microsoft Office 2004/2008/2011/Xp memory corruption
[55418] Microsoft Office up to Xp memory corruption
[55417] Microsoft Office up to Xp memory corruption
[55416] Microsoft Office up to Xp memory corruption
[55412] Microsoft PowerPoint Viewer 2007 Numeric Error
[55411] Microsoft PowerPoint 2002/2003 memory corruption
[54995] Microsoft Office 2004/2008 privilege escalation
[54994] Microsoft Office 2004/2008 privilege escalation
[54993] Microsoft Office Compatibility Pack 2007 privilege escalation
[54992] Microsoft Excel 2002 privilege escalation
[54991] Microsoft Office 2004 Future privilege escalation
[54990] Microsoft Office 2004 privilege escalation
[54989] Microsoft Office 2004/2008 privilege escalation
[54988] Microsoft Excel 2002 privilege escalation
[54987] Microsoft Excel 2002 privilege escalation
[54986] Microsoft Excel 2002/2003 privilege escalation
[54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 privilege escalation
[54984] Microsoft Office 2004/2008 privilege escalation
[54983] Microsoft Excel 2002 Numeric Error
[54980] Microsoft Word 2002/2003 privilege escalation
[54979] Microsoft Word 2002 privilege escalation
[54978] Microsoft Word 2002 privilege escalation
[54977] Microsoft Word 2002 privilege escalation
[54976] Microsoft Word 2002 denial of service
[54975] Microsoft Word 2002 privilege escalation
[54974] Microsoft Word 2002 privilege escalation
[54973] Microsoft Word 2002 privilege escalation
[54972] Microsoft Word 2002 privilege escalation
[54971] Microsoft Word 2002 privilege escalation
[54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
[54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
[54719] Microsoft IIS 5.1 Access Restriction weak authentication
[54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
[54550] Microsoft PowerPoint 2007 rpawinet.dll privilege escalation
[54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
[54322] Microsoft Word 2002/2003 privilege escalation
[54321] Microsoft Office Compatibility Pack 2007 memory corruption
[54320] Microsoft Office Compatibility Pack 2007 privilege escalation
[54319] Microsoft Office Compatibility Pack 2007 privilege escalation
[54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces privilege escalation
[54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll privilege escalation
[53508] Microsoft SharePoint Services 3.0 denial of service
[53507] Microsoft IIS 6.0/7.0/7.5 privilege escalation
[53505] Microsoft Excel 2002/2007 privilege escalation
[53504] Microsoft Excel 2002 privilege escalation
[53503] Microsoft Excel 2002 privilege escalation
[53502] Microsoft Excel 2002 privilege escalation
[53501] Microsoft Excel 2002 privilege escalation
[53500] Microsoft Excel 2002 privilege escalation
[53499] Microsoft Excel 2002 privilege escalation
[53498] Microsoft Excel 2002 privilege escalation
[53497] Microsoft Excel 2002 privilege escalation
[53496] Microsoft Excel 2002 privilege escalation
[53495] Microsoft Excel 2002/2003/2007 privilege escalation
[53494] Microsoft Excel 2002 privilege escalation
[53493] Microsoft Excel 2002/2003/2007 privilege escalation
[53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
[53367] Microsoft .NET Framework 1.0 Default Configuration cross site scripting
[53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL privilege escalation
[52430] Microsoft Wireless Keyboard Encryption XOR weak encryption
[52148] Microsoft Office 2004/2007/2008 privilege escalation
[52147] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation
[52146] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
[52145] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation
[52144] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation
[52143] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation
[51995] Microsoft SharePoint Server up to 2006 cross site scripting
[51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
[51802] Microsoft PowerPoint 2003 memory corruption
[51801] Microsoft PowerPoint 2003 memory corruption
[51800] Microsoft PowerPoint 2002/2003 privilege escalation
[51799] Microsoft PowerPoint 2002/2003 privilege escalation
[51798] Microsoft PowerPoint 2002/2003 memory corruption
[51758] Microsoft IIS 6.0 cross site scripting
[51338] Microsoft IIS up to 6.0 asp:.jpg privilege escalation
[51074] Microsoft Office 2002/2003 Numeric Error
[50812] Citrix Online Plug-in up to 11.0 on Windows weak encryption
[50794] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50793] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50792] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50791] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50790] Microsoft Office 2004/2008 Spreadsheet memory corruption
[50789] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50788] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50787] Microsoft Office 2004/2008 Spreadsheet privilege escalation
[50660] Microsoft SharePoint Server 2007 privilege escalation
[50443] Microsoft PowerPoint 2007 Numeric Error
[50437] Microsoft .NET Framework 1.1 SP1/2.0 SP2 GDI+ Numeric Error
[50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 privilege escalation
[50155] PHP on Windows C Runtime _fdopen Format String
[50139] Microsoft Enterprise Library 4.0 Format String
[49699] Sophos PureMessage for Microsoft Exchange Installation denial of service
[49698] Sophos PureMessage for Microsoft Exchange EdgeTransport.exe denial of service
[49697] Sophos PureMessage for Microsoft Exchange Message Queue PMScanner.exe denial of service
[49395] Microsoft Office 2000/2003/XP Office Web Components memory corruption
[49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
[49389] Microsoft Office 2000/2003/XP Office Web Components denial of service
[49272] XEmacs 21.4.22 on Windows glyphs-eimage.c jpeg_instantiate Numeric Error
[49198] Microsoft Visual Studio 2005 information disclosure
[49191] Microsoft Visual Studio Error privilege escalation
[49044] Microsoft ISA Server 2006 privilege escalation
[48572] Microsoft PowerPoint 2002 FL21WIN.DLL privilege escalation
[48554] Microsoft Excel 2000/2003/2007 privilege escalation
[48549] Microsoft IIS 5.0 weak authentication
[48548] Microsoft Office up to Xp Numeric Error
[48547] Microsoft Office up to Xp denial of service
[48546] Microsoft Office up to Xp privilege escalation
[48545] Microsoft Office up to Xp privilege escalation
[48544] Microsoft Office up to Xp privilege escalation
[48543] Microsoft Office up to Xp privilege escalation
[48518] Microsoft ADAM XP Active Directory denial of service
[48515] Microsoft Office Word Viewer 2003 memory corruption
[48514] Microsoft Office Word Viewer 2003 memory corruption
[48498] Microsoft IIS 5.0/5.1/6.0 Password Protection weak authentication
[48409] IBM DB2 8.0/9.1/9.5 on Windows Configuration
[48157] Microsoft PowerPoint 2002 Sound memory corruption
[48156] Microsoft PowerPoint 2000 memory corruption
[48155] Microsoft PowerPoint 2002 Notes Container memory corruption
[48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
[48153] Microsoft PowerPoint 2002 Sound privilege escalation
[48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
[48151] Microsoft PowerPoint 2002 memory corruption
[48150] Microsoft PowerPoint 2002 Sound privilege escalation
[48149] Microsoft PowerPoint 2002 privilege escalation
[48148] Microsoft PowerPoint 2002 Sound privilege escalation
[48147] Microsoft PowerPoint 2002 Sound privilege escalation
[48146] Microsoft PowerPoint 2002 Numeric Error
[47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet denial of service
[47716] Microsoft Office Converter Pack 2003 WPFT632.CNV privilege escalation
[46594] Trend Micro InterScan Web Security Virtual Appliance 3.1 Windows Media Player information disclosure
[46455] Microsoft Exchange Server 2007 privilege escalation
[46454] Microsoft Exchange Server 2007 denial of service
[46343] F-Secure Anti-Virus up to 8.00 on Windows Numeric Error
[46327] Microsoft Word 2007 information disclosure
[45388] CA ARCserve Backup up to R12.0 on Windows memory corruption
[45379] Microsoft Office SharePoint Server 2007 weak authentication
[45375] Symantec Backup Exec 12.0 on Windows memory corruption
[45374] Symantec Backup Exec 12.0 on Windows weak authentication
[45131] Microsoft Office Communicator denial of service
[45130] Microsoft Office Communicator denial of service
[45040] Microsoft .NET Framework 2.0.50727 Code Access Security weak encryption
[44970] Novell eDirectory up to 8.8 on Windows denial of service
[44958] Microsoft SharePoint Server cross site scripting
[44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
[44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
[44589] Microsoft Exchange Server 2003 Outlook Web Access directory traversal
[44238] Microsoft iis ActiveX Control iisext.dll privilege escalation
[44237] Microsoft iis ActiveX Control adsiis.dll privilege escalation
[44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
[43957] Microsoft Office 2003/2007/Xp gdiplus.dll Numeric Error
[43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
[43955] Microsoft Office 2003/2007/Xp gdiplus.dll denial of service
[43952] Microsoft Office 2003/2007/Xp URI privilege escalation
[43822] Microsoft .NET Framework 1.1 Request Validation cross site scripting
[43821] Microsoft .NET Framework 1.1 Request Validation cross site scripting
[43723] Microsoft Visual Studio Masked Edit Control Msmask32.ocx memory corruption
[43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 denial of service
[43661] Microsoft PowerPoint Viewer 2003 denial of service
[43660] Microsoft PowerPoint Viewer 2003 denial of service
[43657] Microsoft Office 2000/2003/Xp denial of service
[43654] Microsoft SharePoint Server 2007 denial of service
[43653] Microsoft Office 2000/2002/2004/2008 privilege escalation
[43652] Microsoft Office 2000/2002/2003/2004/2008 privilege escalation
[43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
[43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx privilege escalation
[42966] Novell iPrint Client up to 4.34 Client for Windows ienipp.ocx memory corruption
[42816] Microsoft Word 2000/2003 denial of service
[42326] Microsoft Office up to Xp denial of service
[42317] TFTP Server SP 1.4/1.5 on Windows memory corruption
[42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
[41881] Microsoft Office 2003/2007/2007 Sp1/Xp denial of service
[41880] Microsoft Project 2000/2002/2003 denial of service
[41613] BootManage TFTPD Windows memory corruption
[41455] Microsoft Office 2000/2003/2004/Xp privilege escalation
[41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
[41453] Microsoft Excel 2000/2002/2003 privilege escalation
[41452] Microsoft Excel 2000/2002/2003/2007 privilege escalation
[41451] Microsoft Excel 2000/2002/2003 privilege escalation
[41450] Microsoft Excel 2000 privilege escalation
[41449] Microsoft Excel 2000/2002/2003 privilege escalation
[41448] Microsoft Office 2000/Xp Office Web Components privilege escalation
[41289] Symantec Backup Exec 12.0 on Windows ActiveX Control pvcalendar.ocx privilege escalation
[41288] Symantec Backup Exec 12.0 on Windows ActiveX Control pvcalendar.ocx memory corruption
[41003] Microsoft Office 2000/2003/2004/Xp denial of service
[41002] Microsoft Office 2000/2003/Xp denial of service
[40985] Microsoft IIS up to 6.0 privilege escalation
[40084] 3ivx Mpeg-4 Codec 4.5.1 Windows Media Player mplayer2.exe memory corruption
[40042] Microsoft Access memory corruption
[40020] Microsoft Office 2007 ZIP Container privilege escalation
[38957] Microsoft SQL Server privilege escalation
[38899] Microsoft ISA Server 2004 information disclosure
[38782] Microsoft Visual Studio up to 6.0 ActiveX Control pdwizard.ocx privilege escalation
[38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
[38595] Microsoft MSN Messenger 7.0 memory corruption
[38253] Microsoft Visual Studio 6.0 ActiveX Control vdt70.dll NotSafe memory corruption
[38184] Atheros 802.11 ABG Wireless Adapter Driver up to 802.10 on Windows denial of service
[38026] Sun Java System Application Server up to 8.2 on Windows unknown vulnerability
[37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
[37738] Microsoft Office 2002/2003 memory corruption
[37566] Microsoft Excel 2003 unknown vulnerability
[37508] Microsoft MSN Messenger 4.7 denial of service
[37352] Microsoft Office DataSourceControl memory corruption
[37173] Microsoft Office htimage.exe unknown vulnerability
[37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
[37004] Microsoft IIS memory corruption
[36628] Microsoft Word 2000/2002/2003/2004 winword.exe privilege escalation
[36621] Microsoft Exchange Server 2000 Numeric Error
[36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
[36619] Microsoft Exchange Server 2000/2003/2007 MIME memory corruption
[36618] Microsoft Exchange Server 2000 denial of service
[36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
[36051] Microsoft Word 2007 file798-1.doc memory corruption
[36050] Microsoft Word 2007 file789-1.doc memory corruption
[36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
[35684] Microsoft Visual Studio mfc42u.dll afxoleseteditmenu memory corruption
[35373] Microsoft Excel 2003 denial of service
[35372] Microsoft Office 2003 denial of service
[35161] Microsoft ISA Server 2004 unknown vulnerability
[35011] Microsoft PowerPoint memory corruption
[35001] Microsoft Office 2000/2003/2004/Xp privilege escalation
[35000] Microsoft Word 2000/2002/2003 privilege escalation
[34993] Microsoft Office 2000/2003/Xp memory corruption
[34991] Microsoft Visual Studio 8.0 msvcr80.dll denial of service
[34592] Microsoft Visual Studio 6.0 msdev.exe memory corruption
[34322] Microsoft Office 2000/2003/Xp memory corruption
[34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet memory corruption
[34320] Microsoft Office 2000/2003/2004/Xp memory corruption
[34319] Microsoft Office 2000/2003/2004/Xp memory corruption
[34318] Microsoft Office 2000/2003/2004/Xp memory corruption
[34253] Microsoft IIS denial of service
[34126] Microsoft Office 2003 memory corruption
[34122] Microsoft Office Web Components 2000 privilege escalation
[33866] Microsoft IIS 5.1 Web Directory com privilege escalation
[33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
[33766] Microsoft Word 2000/2002/2003 memory corruption
[33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
[32693] Microsoft Word 2004 memory corruption
[32690] Microsoft Office 2000/2003/2004/Xp privilege escalation
[32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
[32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
[32687] Microsoft Word 2000/2002 memory corruption
[32686] Microsoft Office 2000/2001/2003/2004 Numeric Error
[32685] Microsoft Office 2000/2001/2003/2004 memory corruption
[32676] Microsoft Office 2000/2001/2003/2004 privilege escalation
[32675] Microsoft Office 2000/2003/2004/Xp privilege escalation
[32055] Microsoft Visual Studio 6.0 tcprops.dll memory corruption
[32006] Cybozu Garoon 2.1.0 For Windows sql injection
[31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
[31691] Microsoft Hyperlink Object Library hlink.dll object memory corruption
[31679] IBM Informix Dynamic Server up to 9.40 on Windows memory corruption
[31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
[31354] Microsoft PowerPoint 2003 memory corruption
[31351] Microsoft ISA Server 2004 Filters unknown vulnerability
[31318] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation
[31317] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation
[31316] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation
[31313] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation
[31312] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation
[31311] Microsoft Excel 2000/2002/2003/XP privilege escalation
[31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
[31237] Microsoft Office 2000/2003/Xp privilege escalation
[31235] Microsoft Office 2000/2003/Xp memory corruption
[31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
[29831] Microsoft Malware Protection Engine up to 1.1.10600.0 privilege escalation
[29524] Microsoft ISA Server 2004 unknown vulnerability
[29423] Microsoft Office 2000/2003/2004/Xp excel.exe privilege escalation
[29414] Microsoft .NET Framework 1.0/1.1 memory corruption
[29209] Microsoft Office 2000/2003/2004/Xp memory corruption
[29208] Microsoft Office 2000/2003/2004/Xp memory corruption
[29207] Microsoft Office 2000/2003/2004/Xp memory corruption
[29206] Microsoft Office 2000/2003/2004/Xp memory corruption
[29205] Microsoft Office 2000/2003/2004/Xp memory corruption
[29005] Lighttpd 1.4.10 on Windows response.c information disclosure
[28939] Microsoft Word 2003 denial of service
[25752] Microsoft MSN Messenger weak encryption
[25649] Microsoft IIS 5.0 Application Firewall cross site scripting
[25518] Microsoft ISA Server 2000 Packet Filter unknown vulnerability
[25517] Microsoft ISA Server 2000 unknown vulnerability
[25397] Microsoft ISA Server 2000 wspsrv.exe denial of service
[24822] Microsoft Outlook 2003 Outlook Web Access weak authentication
[24640] Microsoft Office InfoPath 2003 SP1 information disclosure
[24510] Microsoft Word 2000/2002/2003 memory corruption
[24284] Microsoft SharePoint Team Services cross site scripting
[24280] Microsoft Exchange Server up to 5.0 memory corruption
[23648] Microsoft Word 6.0 memory corruption
[22126] Microsoft Outlook 2003 Access Restriction privilege escalation
[68417] Microsoft Exchange 2013 Outlook Web Access privilege escalation
[68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access privilege escalation
[68409] Microsoft Office 2007/2010/2013 memory corruption
[68408] Microsoft Excel 2007/2010/2013 privilege escalation
[68407] Microsoft Excel 2007/2010 privilege escalation
[68406] Microsoft Word memory corruption
[68405] Microsoft Word 2007/2010 Index privilege escalation
[68404] Microsoft IIS 7.5 Error Message mypage cross site scripting
[68193] Microsoft IIS 8.0/8.5 IP/Domain Restriction privilege escalation
[68191] Microsoft SharePoint 2010 cross site scripting
[68188] Microsoft Word 2007 File privilege escalation
[68187] Microsoft Word 2007 File privilege escalation
[68186] Microsoft Word 2007 File privilege escalation
[68185] Microsoft .NET Framework up to 4.5.2 Object privilege escalation
[67829] Microsoft Office 2007/2010/2011 Object privilege escalation
[67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
[67824] Microsoft .NET Framework up to 4.5.2 denial of service
[67823] Microsoft .NET Framework up to 4.5.2 ClickOnce privilege escalation
[67518] Microsoft Lync 2013 denial of service
[67517] Microsoft Lync 2013 Script Reflected cross site scripting
[67516] Microsoft Lync 2010/2013 privilege escalation
[67514] Microsoft .NET Framework up to 4.5.2 Hash Collision Form denial of service
[67452] Novell GroupWise Client 8.0x/2012/2014 on Windows denial of service
[67361] Microsoft .NET Framework 1.1/2.0/3.0/3.5/3.5.1 ASLR privilege escalation
[67360] Microsoft SharePoint 2013 App Permission Management privilege escalation
[67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services denial of service
[67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query cross site scripting
[66976] Microsoft Access 2010 VBA denial of service
[21964] Microsoft Java Virtual Machine 5.0.0.3810 Sandbox privilege escalation
[21838] Microsoft Sharepoint Portal Server 2001 cross site scripting
[21586] HD Soft Windows FTP Server up to 1.6 wscanf Format String
[20941] NIPrint LPD-LPR Print Server up to 4.10 Windows Explorer Invoker privilege escalation
[20870] Microsoft Wordperfect Converter Corel Wordperfect File memory corruption
[20869] Microsoft Access 97/2000/2002 Snapshot Viewer ActiveX Control memory corruption
[20732] Microsoft SQL Server 7.0/2000 Named Pipe denial of service
[20695] Microsoft ISA Server Error Page 400.htm/500.htm cross site scripting
[20581] Sun One Application Server 7.0 on Windows Error Message cross site scripting
[20580] Sun One Application Server 7.0 on Windows URI weak authentication
[20579] Sun One Application Server 7.0 on Windows JSP Request Source information disclosure
[20395] Microsoft Proxy Server/ISA Server Winsock Service denial of service
[20327] Microsoft Word/Excel 98 Field Code information disclosure
[20214] Microsoft ISA Server 2000 DNS Intrusion Detection Application Filter denial of service
[20162] National University Of Singapore uxterm 2.3/2.4.1 Windows Title privilege escalation
[20111] Apache HTTP Server up to 2.0.43 on Windows HTTP Request privilege escalation
[20109] Microsoft Outlook 2002 V1 Exchange Server Security Certificate weak encryption
[20037] Trend Micro Interscan Viruswall 3.52 on Windows gzip Content Encoding privilege escalation
[19743] Microsoft Outlook 2002 javascript URI cross site scripting
[19742] Microsoft Outlook 2000/2002 IFRAME privilege escalation
[19671] Apache HTTP Server 1.3.20 on Windows /php/ privilege escalation
[19650] Apache Tomcat 4.0.3 on Windows HTTP Request information disclosure
[19623] Microsoft SQL Server up to 2000 SP2 Stored Procedure sp_MSSetServerProperties/sp_MSsetalertinfo privilege escalation
[19563] MySQL up to 3.20.52 on Windows Service privilege escalation
[19550] Microsoft IIS 5.0/5.1 HTTP Request denial of service
[19518] Microsoft Exchange 2000 Request denial of service
[19515] Microsoft Exchange 2000 Remote Procedure Call denial of service
[19514] Microsoft SQL Server up to 2000 Authentication Password weak encryption
[19500] Oracle Application Server up to 9.0.2.0.1 on Windows web-inf privilege escalation
[19497] Macromedia JRun 3.0/3.1/4.0 on Windows web-inf privilege escalation
[19474] Microsoft MSN Messenger up to 4.6 Request denial of service
[19452] MySQL up to 3.23.2 on Windows weak authentication
[19433] Microsoft IIS 4.0/5.0 SMTP Service privilege escalation
[19388] Microsoft IIS 5.0 CodeBrws.asp memory corruption
[19387] Microsoft IIS 5.0 CodeBrws.asp directory traversal
[19361] Microsoft IIS 5.1 Frontpage Server Extension File colegal.htm directory traversal
[19360] Microsoft IIS 5.1 GET Request /_vti_pvt/access.cnf Path information disclosure
[19359] Microsoft Office XP Spreadsheet Host privilege escalation
[19342] Microsoft MSN Messenger up to 4.6 memory corruption
[19338] Microsoft IIS 4.0 File privilege escalation
[19222] Microsoft Office Web Components 10 DataSourceControl ConnectionFile information disclosure
[19221] Microsoft Office Web Components 10 Spreadsheet File information disclosure
[19220] Microsoft Office Web Components 9/10 Chart Load File information disclosure
[19218] Microsoft Outlook 2002 Header Field denial of service
[19181] Microsoft Java Virtual Machine 1.1 Restriction privilege escalation
[19180] Microsoft Java Virtual Machine 1.1 HTML Object Reference privilege escalation
[19179] Microsoft Java Virtual Machine 1.1 CabCracker com.ms.vm.loader.cabcracker load0 privilege escalation
[19178] Microsoft Java Virtual Machine up to 5.0.3805 Standard Security Manager com.ms.security.StandardSecurityManager privilege escalation
[19177] Microsoft Java Virtual Machine 1.1 privilege escalation
[19176] Microsoft Java Virtual Machine 1.1 Applet ClipBoardGetText/ClipBoardSetText Clipboard privilege escalation
[19175] Microsoft Java Virtual Machine 1.1 getNativeServices memory corruption
[19174] Microsoft Java Virtual Machine 1.1 getabsolutepath Directory information disclosure
[19173] Microsoft Java Virtual Machine up to 1.1 Class Name Class.forName/ClassLoader.loadClass memory corruption
[19172] Microsoft Java Virtual Machine 1.1 URL privilege escalation
[19136] Microsoft IIS 5.0/5.1 WebDAV Memory denial of service
[19135] Microsoft IIS up to 5.1 cross site scripting
[19134] Microsoft IIS 5.0 Source Access Permission Script privilege escalation
[19133] Microsoft IIS up to 5.1 dllhost.exe privilege escalation
[19087] Microsoft SQL Server up to 7.0 Stored Procedure xp_runwebtask privilege escalation
[19060] Microsoft SQL Server 7.0/2000 Data Engine privilege escalation
[19059] Microsoft SQL Server 7.0/2000 Database Console Command memory corruption
[18800] Microsoft SQL Server 2000 Authentication memory corruption
[18789] Microsoft SQL Server 2000 SP2 Stored Procedure sp_MScopyscript privilege escalation
[18786] Microsoft File Transfer Manager up to 3.x ActiveX Control Persist weak authentication
[18785] Microsoft File Transfer Manager up to 3.x ActiveX Control memory corruption
[18777] Microsoft Project 2000/2002 Office Web Components Copy/Paste privilege escalation
[18776] Microsoft Project 2000/2002 Office Web Components LoadText File information disclosure
[18774] Microsoft Project 2002 Office Web Components setTimeout privilege escalation
[18755] Microsoft SQL Server 2000 Jet Engine opendatasource memory corruption
[18745] Microsoft SQL Server 7.0/2000 Extended Stored Procedure privilege escalation
[18742] Apache HTTP Server up to 2.0.39 on Windows/OS2/Netware Error Message Path information disclosure
[18615] Microsoft SQL Server 2000 0x08 Packet denial of service
[18609] Microsoft Exchange 5.5 Mail Connector memory corruption
[18607] Microsoft SQL Server 7.0/2000 Data Access Components OpenRowSet memory corruption
[18605] Apache HTTP Server up to 2.0.39 on Windows/OS2/Netware Backslash directory traversal
[18598] Microsoft SQL Server 2000 Keep-Alive denial of service
[18597] Microsoft SQL Server 2000 Resolution Service memory corruption
[18596] Microsoft SQL Server 2000 Stored Procedure sql injection
[18595] Microsoft SQL Server 2000 DBCC memory corruption
[18593] Microsoft Word 2000 Mail Merge Tool privilege escalation
[18592] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18591] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18590] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18528] Microsoft MSN Messenger 3.6 Communication weak authentication
[18498] Microsoft IIS 5.0/5.1 WebDAV IP Address information disclosure
[18497] Microsoft IIS 4.0 Change Password /iisadmpwd privilege escalation
[18495] Microsoft IIS up to 5.1 NTLM Authentication information disclosure
[18449] Microsoft .NET Framework 1.0 orderdetails.aspx information disclosure
[18411] Microsoft SQL Server 2000 Query memory corruption
[18410] Microsoft SQL Server 2000 Password Encryption memory corruption
[18348] Microsoft IIS 4.0/5.0 HTR Request memory corruption
[18346] Microsoft SQL Server 2000 SQLXML cross site scripting
[18345] Microsoft SQL Server 2000 SQLXML ISAPI Extension memory corruption
[18245] Microsoft Exchange 2000 RFC Message Attribute denial of service
[18173] Apache HTTP Server 2.0.28 on Windows CGI Module php.exe Path information disclosure
[18146] Microsoft MSN Messenger Service for Exchange 4.5/4.6 ActiveX Control memory corruption
[18138] Microsoft Word 2000/2002 Rich Text Format cross site scripting
[18134] Microsoft MSN Messenger 4.0 ActiveX Object information disclosure
[18095] Microsoft SQL Server 7.0/2000 Extended Stored Procedure memory corruption
[18076] Microsoft IIS 4.0/5.0/5.1 HTTP Header memory corruption
[18075] Microsoft IIS 4.0/5.0/5.1 ASP Server-Side Include memory corruption
[18074] Microsoft IIS 4.0/5.0/5.1 Error Page cross site scripting
[18073] Microsoft IIS 4.0/5.0/5.1 ASP Data Transfer memory corruption
[18072] Microsoft IIS 4.0/5.0 Chunked Encoding Transfer memory corruption
[18071] Microsoft IIS 4.0/5.0/5.1 Error cross site scripting
[18070] Microsoft IIS 4.0/5.0/5.1 Help File Search cross site scripting
[18069] Microsoft IIS 4.0/5.0/5.1 FTP Service denial of service
[18068] Microsoft IIS 4.0/5.0/5.1 URL Parser w3svc.dll denial of service
[18067] Microsoft IIS 4.0/5.0 HTR ISAPI Extension ism.dll memory corruption
[17961] Microsoft SQL Server 7.0/2000 OLE DB Provider memory corruption
[17955] Microsoft Exchange 2000 Privilege Registry privilege escalation
[17948] Microsoft Office on Mac PID Checker denial of service
[17852] Microsoft ISA Server 2000 UDP Packet denial of service
[17762] Microsoft SQL Server 7.0/2000 C Runtime Format String
[17759] Microsoft SQL Server 7.0/2000 memory corruption
[17743] Citrix ICA Client 6.1 on Windows ICA File privilege escalation
[17735] Microsoft IIS 5.0 Content-Length Header denial of service
[17662] Microsoft Exchange 5.5 Outlook Web Access privilege escalation
[17604] Microsoft IIS 3.0/4.0/5.0 Web Log Entry weak authentication
[17583] Microsoft Excel/PowerPoint 98/2000/2001/2002 Data Stream privilege escalation
[17571] Microsoft Exchange 5.5 Outlook Web Access User information disclosure
[17569] Microsoft IIS 4.0 Redirect denial of service
[17424] Microsoft IIS up to 4.0 Unicode Character Source information disclosure
[17388] Microsoft ISA Server 2000 URL cross site scripting
[17374] Microsoft ISA Server 2000 H.323 denial of service
[17370] Microsoft IIS 5.0 WebDAV denial of service
[17360] Microsoft IIS 4.0 Index Server SQLQHit.asp information disclosure
[17161] Microsoft Outlook 2002 View ActiveX Control privilege escalation
[17050] Microsoft Exchange 2000/5.5 Outlook Web Access cross site scripting
[17015] Microsoft Exchange 2000/5.5 LDAP denial of service
[16972] IRIX/Linux/Windows MSS denial of service
[16965] Microsoft IIS 4.0/5.0 Device File asp.dll Scripting.FileSystemObject denial of service
[16917] Microsoft ISA Server 2000 Web Proxy denial of service
[16839] Microsoft IIS 5.0 MS01-014/MS01-016 Patches denial of service
[16838] Microsoft IIS 5.0 MS00-060 Patch denial of service
[16837] Microsoft Internet Information Server 4.0/5.0 FTP Service User information disclosure
[16836] Microsoft IIS 5.0 FTP Service denial of service
[16835] Microsoft IIS 3.0/4.0/5.0 Escape Character directory traversal
[16754] Microsoft Outlook up to 2000 Holiday Feature weak authentication
[16709] Microsoft IIS 5.0 WebDAV Request denial of service
[16705] Microsoft Exchange/IIS URL Memory denial of service
[16602] Microsoft Visual Studio 6.0 VB-TSQL Debugger vbsdicli.exe memory corruption
[16599] Microsoft Outlook 2000/98/5.0 vCard memory corruption
[16493] Microsoft Exchange 5.0/5.5 SMTP Command memory corruption
[16425] Microsoft IIS 4.0/5.0 Frontpage Server Extensions denial of service
[16371] Microsoft IIS 4.0/5.0 URL File information disclosure
[16369] Microsoft IIS 4.0/5.0 Double Byte Character Set Source information disclosure
[16295] Microsoft Exchange 2000 User Account weak authentication
[16260] Microsoft IIS 4.0/5.0 Error Message cross site scripting
[16181] Microsoft IIS 4.0/5.0 ASP Session Cookie weak authentication
[16162] Microsoft IIS 5.0 Index Server privilege escalation
[16108] Microsoft IIS 4.0/5.0 Executable Files Parser privilege escalation
[16106] Microsoft IIS 4.0/5.0 Unicode directory traversal
[16027] Microsoft Exchange 5.5 MIME Header denial of service
[15989] Microsoft IIS 4.0 URL INETINFO.EXE denial of service
[15930] Microsoft Word 2000 Mail Merge Tool privilege escalation
[15920] Microsoft IIS 5.0 ASP File privilege escalation
[15912] Microsoft IIS 4.0/5.0 File Permission privilege escalation
[15907] Microsoft Word/Excel/Powerpoint 2000 Object Tag memory corruption
[15898] Microsoft Outlook 98/2000 vCard denial of service
[15895] Microsoft Outlook 97/98/2000 Rich Text Path information disclosure
[15888] Microsoft IIS 4.0/5.0 Error Message shtml.dll cross site scripting
[15782] Microsoft Outlook up to 2000 Cache privilege escalation
[15773] Microsoft Outlook up to 2000 Date Field memory corruption
[15770] Microsoft IIS 4.0/5.0 Request privilege escalation
[15766] Microsoft IIS 3.0/4.0/5.0 Administrative Script denial of service
[15764] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 HTTP 1.0 Request IP Address information disclosure
[15626] Microsoft Exchange 4.0/5.0 Field Blank denial of service
[15608] Apache HTTP Server up to 1.3.6.2 on Windows Directory information disclosure
[15548] Microsoft Outlook up to 98 Message denial of service
[15546] Microsoft IIS 4.0/5.0 HTR Request ISM.DLL privilege escalation
[15542] Microsoft Office 2000 UA ActiveX Control Show Me privilege escalation
[15540] Microsoft IIS 4.0/5.0 File Extension denial of service
[15535] Microsoft IIS 4.0/5.0 HTR Request inetinfo.exe denial of service
[15530] Microsoft IIS 4.0/5.0 Frontpage Server Extensions shtml.exe Path information disclosure
[15444] Microsoft IIS 4.0/5.0 URL privilege escalation
[15422] Microsoft Excel 97/2000 XLM 7PK Security Features
[15416] Microsoft IIS 4.0/5.0 ISAPI Extension Source information disclosure
[15400] Microsoft IIS 4.0 Chunked Transfer Encoding memory corruption
[15379] Microsoft SQL Server 7.0 SELECT Statement privilege escalation
[15376] Microsoft Clip Art Gallery 5.0 CIL File memory corruption
[15364] Microsoft Exchange Read Receipt denial of service
[15300] Microsoft IIS 3.0/4.0 Frontpage Server Extensions /_vti_bin/shtml.dll Username information disclosure
[15270] Microsoft IIS 3.0/4.0 Sample Internet Data Query Script directory traversal
[15265] Microsoft IIS Visual Basic Script denial of service
[15243] Microsoft IIS 4.0 IDA/IDQ File Path information disclosure
[15206] Microsoft IIS 4.0 Microsoft Visual InterDev weak authentication
[15195] Microsoft PowerPoint 95/97 Slide Show privilege escalation
[15186] Microsoft IIS 4.0 winmsdp.exe privilege escalation
[15163] DEC OpenVMS 5.3/5.5.2 VMS DECwindows/MOTIF weak authentication
[15149] Microsoft IIS 4.0 Domain Resolution privilege escalation
[15148] Microsoft IIS 3.0 ASP Site denial of service
[15141] Microsoft IIS 4.0 FTP Server denial of service
[15126] Microsoft Excel 97 Russian New Year Call privilege escalation
[15125] Microsoft Exchange 5.0/5.5 NNTP/SMTP denial of service
[15123] Microsoft IIS 3.0/4.0 on x86/Alpha HTTP GET denial of service
[15120] Microsoft IIS 2.0/3.0 ASP Source information disclosure
[15080] Microsoft IIS 4.0 ASP File Source information disclosure
[15079] Microsoft IIS 4.0 URL privilege escalation
[15056] Microsoft Exchange 5.0/5.5 Access Control List Configuration
[15054] Apache HTTP Server on Windows URL privilege escalation
[14990] Microsoft SQL Server 7.0 TDS Packet privilege escalation
[14905] Microsoft Java Virtual Machine Sandbox Configuration
[14860] Microsoft MSN Messenger 4.71.0.10 setupbbs.ocx vAddNewsServer/bIsNewsServerConfigured memory corruption
[14853] Microsoft IIS 4.0 File privilege escalation
[14783] Microsoft IIS 3.0/4.0 Asian Language Configuration
[14772] Microsoft IIS 4.0 HTTP Request privilege escalation
[14771] Microsoft IIS 3.0 SSL ISAPI Filter race condition
[14759] Microsoft Exchange 5.5 SMTP Address privilege escalation
[14731] Microsoft IIS 3.0/4.0 Data Access Components privilege escalation
[14722] Microsoft IIS 3.0/4.0 SSL denial of service
[14721] Microsoft IIS 4.0 Sun Java HotSpot denial of service
[14703] Microsoft Outlook 97/98/2000 X-UIDL Header denial of service
[14694] Microsoft IIS 4.0 Request IDC memory corruption
[14648] Microsoft IIS denial of service
[14640] Microsoft IIS 4.0 codebrws.asp privilege escalation
[14639] Microsoft IIS 4.0 code.asp privilege escalation
[14638] Microsoft IIS 4.0 viewcode.asp privilege escalation
[14637] Microsoft IIS 4.0 showcode.asp privilege escalation
[14636] Microsoft Excel 97 Malware Warning privilege escalation
[14539] Microsoft Exchange SMTP Service denial of service
[14536] Microsoft Frontpage/Personal Web Server URL privilege escalation
[14512] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion privilege escalation
[14496] Microsoft IIS 3.0/4.0 ASP showfile.asp FileSystemObject privilege escalation
[14492] Microsoft IIS 4.0 /IISADMPWD privilege escalation
[14467] Microsoft IIS 3.0/4.0 FTP Server memory corruption
[14466] Microsoft IIS 4.0 ASP Caching information disclosure
[14465] Microsoft IIS 2.0/3.0/4.0/5.0 IISAPI Extension perl.exe information disclosure
[14458] Microsoft IIS 3.0/4.0 NLST Command denial of service
[14450] Microsoft IIS 4.0 Frontpage Server Extensions fpcount.exe memory corruption
[14349] Microsoft IIS Server Side Includes #exec privilege escalation
[14324] Microsoft IIS 4.0 Log privilege escalation
[14314] Microsoft Access 97 Password weak encryption
[14271] Microsoft Exchange 5.5 LDAP Bind bind memory corruption
[14157] Microsoft IIS 3.0/4.0 PKCS #1 information disclosure
[14140] Microsoft IIS 3.0/4.0 ASP File information disclosure
[14074] Microsoft IIS 4.0 File Name privilege escalation
[14050] Microsoft Exchange 4.0/5.0 SMTP HELO memory corruption
[13974] Microsoft IIS 3.0 newdsn.exe privilege escalation
[13908] Microsoft IIS 2.0/3.0 URL denial of service
[13812] Microsoft IIS 1.0/2.0/3.0 ASP Code privilege escalation
[13725] Microsoft IIS 1.0 cmd privilege escalation
[13547] Microsoft Lync 2010/2013 Meeting cross site scripting
[13545] Microsoft Word 2007 Embedded Font memory corruption
[13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll privilege escalation
[13394] IBM DB2 up to 10.5.0.2 on Windows Stored Procedure privilege escalation
[13230] Microsoft .NET Framework up to 4.5.1 TypeFilterLevel Check privilege escalation
[13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
[13228] Microsoft Office 2013 Document information disclosure
[13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker privilege escalation
[13226] Microsoft SharePoint Server 2007/2010/2013 Page privilege escalation
[13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
[13224] Microsoft SharePoint Server 2007/2010/2013 Page privilege escalation
[12859] Microsoft Word 2003 Office Document memory corruption
[12845] Microsoft Word 2003 Office File memory corruption
[12844] Microsoft Word 2007/2010 Office File memory corruption
[12843] Microsoft Office 2007/2010/2011/2013 XML Parser denial of service
[12801] Microsoft Xbox Live Password Recovery weak authentication
[12693] haxx.se cURL/libcURL up to 7.35.0 on Windows Schannel SSL Backend privilege escalation
[12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
[12311] Microsoft Lync 2010 Search privilege escalation
[12271] Microsoft .NET Framework up to 4.5.1 HTTP POST privilege escalation
[12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR privilege escalation
[12265] Microsoft .NET Framework up to 4.5.1 privilege escalation
[12185] Microsoft .NET Framework 2/4 HMAC weak authentication
[12116] Pidgin 2.10.7 on Windows file:/ gtkutils.c privilege escalation
[12089] Microsoft Bing 4.2.0 on Android DNS Response APK File Installation privilege escalation
[12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document denial of service
[11951] Microsoft Word/Office/Sharepoint Office File memory corruption
[11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
[11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
[11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
[11468] Microsoft Exchange 2010/2013 cross site scripting
[11466] Microsoft Office 2013 File Response information disclosure
[11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
[11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
[11230] Microsoft Word 2003 DOC Document denial of service
[11151] Microsoft Outlook -/2007/2010/2013 S/MIME Certificate Metadata Expansion information disclosure
[11149] Microsoft Office -/2003/2007/2010/2013 WordPerfect Document epsimp32.flt memory corruption
[11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
[11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
[10648] Microsoft Word 2007 Word File memory corruption
[10647] Microsoft Word 2003 Word File memory corruption
[10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
[10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
[10640] Microsoft .NET Framework up to 4.5 JSON Data privilege escalation
[10639] Microsoft .NET Framework up to 4.5 XML External Entity privilege escalation
[10250] Microsoft SharePoint Server up to 2013 W3WP Process privilege escalation
[10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow privilege escalation
[10248] Microsoft SharePoint Server up to 2013 cross site scripting
[10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
[10245] Microsoft Office 2003/2007/2010 Word File memory corruption
[10244] Microsoft Office 2003 SP3 Word File memory corruption
[10243] Microsoft Office 2003/2007 Word File memory corruption
[10242] Microsoft Office 2007 Word File memory corruption
[10241] Microsoft Office 2007 Word File memory corruption
[10240] Microsoft Office 2003/2007/2010 Word File memory corruption
[10239] Microsoft Office 2003/2007 Word File memory corruption
[10238] Microsoft Excel 2003/2007 XML External Entity Data memory corruption
[10237] Microsoft Excel 2003/2007/2010 XML External Entity Data privilege escalation
[10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
[10235] Microsoft Excel/Office/SharePoint Office File memory corruption
[10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10233] Microsoft Word/Sharepoint Office File memory corruption
[10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10229] Microsoft Access 2007/2010/2013 Access File memory corruption
[10228] Microsoft Access 2007/2010/2013 Access File memory corruption
[10227] Microsoft Access 2007/2010/2013 Access File memory corruption
[10189] Microsoft Outlook 2007/2010 S/MIME denial of service
[9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize memory corruption
[9558] Novell GroupWise Client up to 2012 12.0.1 HP1 on Windows Javascript/Active X Script cross site scripting
[9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
[9395] Microsoft .NET Framework up to 4.5 Object Delegation privilege escalation
[9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array privilege escalation
[9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
[9392] Microsoft .NET Framework up to 4.5 Permission privilege escalation
[9189] Microsoft Outlook S/MIME weak encryption
[8747] Microsoft Malware Protection Engine 1.1.9402.0 File Scan memory corruption
[8737] Microsoft Word 2003 SP3 Shape Data Parser privilege escalation
[8725] Microsoft Lync 2010/2013 memory corruption
[8724] Microsoft .NET Framework 4.5 WCF Authentication Endpoint Setup weak authentication
[8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File privilege escalation
[8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
[8200] Microsoft SharePoint Server 2013 ACL privilege escalation
[8172] Microsoft Skype up to 6.2.0.106 unknown vulnerability
[7981] FFmpeg up to 1.1.3 Microsoft RLE Data msrledec.c msrle_decode_8_16_24_32 memory corruption
[7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser information disclosure
[7968] Microsoft SharePoint Server 2010 SP1 Input Validator memory corruption
[7967] Microsoft SharePoint Server 2010 SP1 User Account directory traversal
[7966] Microsoft SharePoint Server 2010 SP1 cross site scripting
[7965] Microsoft SharePoint Server 2010 SP1 User Account Callback privilege escalation
[7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) memory corruption
[7343] Microsoft Lync 2012 HTTP Format String
[7259] Microsoft .NET Framework 3.5/3.5 SP1/3.5.1/4 Replace privilege escalation
[7256] Microsoft .NET Framework up to 4.5 XBAP privilege escalation
[7255] Microsoft .NET Framework up to 4.5 System.DirectoryServices.Protocolsb Method memory corruption
[7254] Microsoft .NET Framework up to 4.5 XAML Browser Application memory corruption
[7253] Microsoft .NET Framework up to 4.5 Code Access Security information disclosure
[7230] Microsoft Excel 2010 SP1 on 32-bit XLS File denial of service
[7209] NetIQ eDirectory up to 8.8.7.1 on Windows HTTP Request denial of service
[7121] Microsoft Exchange 2007/2010 RSS Feed privilege escalation
[7056] FreeSSHD 1.2.1/1.2.2/1.2.6 on Windows Authentication freeSSHd.exe weak authentication
[6969] Adobe ColdFusion 10.0 on Windows denial of service
[6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
[6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
[6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar memory corruption
[6930] Microsoft .NET Framework 4.0/4.5 Reflection Optimization Object Permission privilege escalation
[6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery privilege escalation
[6928] Microsoft .NET Framework up to 4 Path Subversion Libraries privilege escalation
[6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
[6926] Microsoft .NET Framework 1.0 SP3/1.1 SP1/2.0 SP2/3.5.1/4 Object Permission Handller privilege escalation
[6925] Microsoft IIS 7.0/7.5 FTP Command information disclosure
[6924] Microsoft IIS 7.5 Log File Permission information disclosure
[6918] Microsoft Excel 2007 SP2 Input Sanitizer memory corruption
[6831] Microsoft Office Picture Manager 2010 File memory corruption
[6830] Microsoft Word 2007/2010 File memory corruption
[6819] Microsoft Excel 2007 File memory corruption
[6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
[6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
[6622] Microsoft Word -/2003/2007/2010 RTF Document denial of service
[6621] Microsoft Word 2007 PAPX privilege escalation
[6563] Novell GroupWise 2012/8.0/8.00/8.01/8.02 Client for Windows memory corruption
[5945] Microsoft Office 2007/2010 memory corruption
[5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX privilege escalation
[5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX privilege escalation
[5906] Citrix Access Gateway Plugin up to 9.3.49.5 on Windows nsepa.exe StartEPA memory corruption
[5649] Microsoft Office 2003/2007/2010 libraries privilege escalation
[5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
[5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
[5643] Microsoft SharePoint 2007/2010 privilege escalation
[5642] Microsoft SharePoint 2007 privilege escalation
[5641] Microsoft SharePoint 2010 cross site scripting
[5636] Microsoft Outlook Web App up to 14.1.287.0 owa/redir.aspx weak authentication
[5623] Microsoft IIS up to 7.5 File Name Tilde privilege escalation
[5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 privilege escalation
[5474] Microsoft WordPad 5.1 DOC Document denial of service
[5445] Symantec Endpoint Protection up to 11.0 RU7 MP1 on Windows Server 2003 Network Threat Protection Module denial of service
[5368] Microsoft .NET Framework up to 4 privilege escalation
[5367] Microsoft .NET Framework up to 4 privilege escalation
[5362] Microsoft Office 2003/2007 GDI+ privilege escalation
[5360] Microsoft .NET Framework 4 memory corruption
[5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx Integer Coercion Error
[5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
[5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
[5050] Microsoft Office 2007 WPS Converter memory corruption
[5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
[5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
[5047] Microsoft .NET Framework up to 4.5 Parameter Validator privilege escalation
[5022] Novell GroupWise 2.1.0 on Windows/Linux/NetWare Messenger nmma.exe login memory corruption
[5021] Novell GroupWise 2.1.0 on Windows/Linux/NetWare Messenger nmma.exe createsearch memory corruption
[4941] Microsoft Security Essentials Antimalware Engine CAB File Parser privilege escalation
[4919] Microsoft Security Essentials Antimalware Engine TAR File Parser privilege escalation
[4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application privilege escalation
[4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
[4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
[4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
[4509] Microsoft .NET Framework 1.1 SP1/2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication Ticket Caching privilege escalation
[4508] Microsoft .NET Framework 1.1 SP1/2.0 SP2/3.5 SP1/3.5.1/4.0 Username Parser privilege escalation
[4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
[4506] Microsoft .NET Framework 1.1 SP1/2.0 SP2/3.5 SP1/3.5.1/4.0 ASP.NET Hash denial of service
[4482] Microsoft Word 2007/2010/2011 Document Parser denial of service
[4480] Microsoft Excel 2003 privilege escalation
[4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt privilege escalation
[4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader privilege escalation
[4471] Microsoft Office 2003/2007 Publisher privilege escalation
[4470] Microsoft Office 2003 SP3 privilege escalation
[4469] Microsoft Office Publisher privilege escalation
[4453] Microsoft Excel 2003 Record Parser privilege escalation
[4446] Microsoft Office 2007/2008 OfficeArt Record Parser privilege escalation
[4445] Microsoft Office 2007/2010/2011 Word Document Parser denial of service
[4414] Microsoft SharePoint 2010 cross site scripting
[4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS information disclosure
[4412] Microsoft Office 2003/2007 Library Loader privilege escalation
[4411] Microsoft Excel 2003 denial of service
[4397] Microsoft .NET Framework 3.5 SP1/4.x Chart Control information disclosure
[4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction information disclosure
[4370] Microsoft .NET Framework up to SP2 Array privilege escalation
[4369] Microsoft Excel 2002/2003/2007 privilege escalation
[4349] Microsoft Office 2004/2007/2008 Presentation File Parser privilege escalation
[4348] Microsoft PowerPoint 2002/2003/2007 privilege escalation
[4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler privilege escalation
[4332] Microsoft PowerPoint 2007/2010 privilege escalation
[4289] Microsoft Excel 2007 Shape Data Parser denial of service
[4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser privilege escalation
[4246] Oracle Database Server 11.1.0.7/11.2.0.1 on Windows Cluster Verify Utility unknown vulnerability
[4234] Microsoft IIS 7.5 FTP Server memory corruption
[4230] Microsoft Exchange 2007 on 64-bit RPC store.exe denial of service
[4229] Microsoft SharePoint 2007 Document Conversion Launcher Service unknown vulnerability
[4200] Microsoft .NET Framework 4.0 on 64-bit JIT Compiler privilege escalation
[4197] Microsoft SharePoint 2007/3.0 cross site scripting
[4196] Microsoft Word 2002/2003/2007/2010 memory corruption
[4186] Microsoft Outlook 2002/2003/2007 Content Parser memory corruption
[4180] Microsoft IIS 5.1/6.0/7.0/7.5 memory corruption
[4179] Microsoft IIS 7.5 FastCGI memory corruption
[4159] Microsoft Excel 2002/2003 SXDB PivotTable privilege escalation
[4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD privilege escalation
[4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll privilege escalation
[4133] Microsoft Office 2003/2007/Xp COM Object Instantiator privilege escalation
[4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
[4090] Microsoft Excel 2002/2003/2007 privilege escalation
[4082] Microsoft PowerPoint 2002 SP3 memory corruption
[4074] Microsoft IIS 5.0/5.06/5.1/6.0 ASP privilege escalation
[4069] Microsoft Project 2003/2007 Project Memory Validator denial of service
[4057] Microsoft Excel memory corruption
[4056] Microsoft Word 2002/2003 File Information Block Parser memory corruption
[4024] Microsoft IIS 5.0/6.0/7.0 FTP Server denial of service
[4000] Microsoft Office 2003/Sp3/Xp Web Components privilege escalation
[3999] Microsoft Office 2007 Pointer privilege escalation
[3974] Microsoft PowerPoint 2000/2002/2003 Sound Data memory corruption
[3973] Microsoft PowerPoint 2000/2002/2003 Notes Container memory corruption
[3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
[3971] Microsoft PowerPoint 2000/2002/2003 Object memory corruption
[3970] Microsoft PowerPoint 2000/2002/2003 Paragraph memory corruption
[3969] Microsoft PowerPoint 2000/2002/2003 Atom memory corruption
[3952] Microsoft ISA Server 2004/2006 denial of service
[3946] Microsoft PowerPoint 2000/2002/2003/2004 privilege escalation
[3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference privilege escalation
[3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
[3892] Microsoft Excel 2000/2002/2003 Formula denial of service
[3891] Microsoft Excel 2000/2002/2003 denial of service
[3890] Microsoft Excel 2000/2002/2003 NAME Index denial of service
[3889] Microsoft Word 2000/2002/2003/2007 Table Property memory corruption
[3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet denial of service
[3887] Microsoft Word 2000/2002/2003/2007 denial of service
[3886] Microsoft Word 2000/2002/2003/2007 ControlWord memory corruption
[3885] Microsoft Word 2000/2002/2003/2007 denial of service
[3884] Microsoft Word 2000/2002/2003/2007 denial of service
[3883] Microsoft Word 2000/2002/2003/2007 RTF memory corruption
[3882] Microsoft Word 2000/2002/2003/2007 LFO privilege escalation
[3844] Microsoft Excel 2003 REPT Numeric Error
[3843] Microsoft Excel up to 2007 BIFF File denial of service
[3842] Microsoft Excel 2003 VBA Performance Cache denial of service
[3841] Microsoft Office Xp CDO URI cross site scripting
[3799] Microsoft Visual Studio 6 Masked Edit Control memory corruption
[3796] Microsoft Office 2000 WPG privilege escalation
[3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT denial of service
[3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel denial of service
[3793] Microsoft Office 2000/2003/Xp PICT denial of service
[3792] Microsoft Office 2000 EPS File privilege escalation
[3783] Microsoft Word 2002 denial of service
[3782] Microsoft SQL Server Statement Numeric Error
[3781] Microsoft SQL Server Database Backup File memory corruption
[3780] Microsoft SQL Server Query Type Conversion memory corruption
[3779] Microsoft SQL Server Memory Page Reuse information disclosure
[3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
[3701] Microsoft Word 2003 CSS privilege escalation
[3700] Microsoft Word 2003 RTF Document privilege escalation
[3649] Microsoft Office up to XP privilege escalation
[3648] Microsoft Excel 2003 privilege escalation
[3647] Microsoft Outlook up to 2007 mailto URI privilege escalation
[3552] Microsoft Excel 2000/2002/2003 File memory corruption
[3491] Microsoft Web Proxy Auto-Discovery Feature unknown vulnerability
[3373] Microsoft Word 2000/2002 privilege escalation
[3309] Microsoft Visual Studio 6 ActiveX Control VBTOVSI.dll directory traversal
[3308] Microsoft Visual Studio 6 ActiveX Control PDWizard.ocx directory traversal
[3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
[3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
[3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
[3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
[3172] Microsoft Office Publisher 2007 Pointer denial of service
[3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object denial of service
[3065] Microsoft Excel 2000/2002/2003/2007 Filter memory corruption
[3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
[3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record memory corruption
[3053] Microsoft Excel Viewer 3.x OCX ActiveX Control memory corruption
[3050] Microsoft Word Viewer 3.x OCX ActiveX Control memory corruption
[3049] Microsoft PowerPoint Viewer 3.x OCX ActiveX Control memory corruption
[3048] Microsoft Excel Viewer 3.x OCX ActiveX Control memory corruption
[2939] Microsoft Word 2000 memory corruption
[2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
[2884] Microsoft Word 2000/2002/2003 memory corruption
[2810] Microsoft Outlook 2000/2002/2003 Office Saved Search memory corruption
[2809] Microsoft Outlook 2000/2002/2003 Header denial of service
[2808] Microsoft Outlook 2000/2002/2003 Meeting denial of service
[2807] Microsoft Excel 2000/2002/2003 XLS File privilege escalation
[2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
[2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
[2695] Alt-N MDaemon 9.0.5/9.0.6/9.51/9.53 on Windows privilege escalation
[2610] Microsoft PowerPoint 2003 PPT Document denial of service
[2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
[2596] Microsoft Office 2000/2003/2004/Xp Value Read privilege escalation
[2595] Microsoft Office 2000/2001/2003/2004 Diagram Value privilege escalation
[2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
[2571] Microsoft PowerPoint up to 2003 Document privilege escalation
[2554] Microsoft PowerPoint 2000 memory corruption
[2508] Microsoft Word 2000 memory corruption
[2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
[2437] Microsoft Office up to XP Filename memory corruption
[2383] Citrix MetaFrame 1.8/3.0 on Windows Registry Permission privilege escalation
[2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
[2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
[2367] Microsoft Office 2000/2003/XP Document String privilege escalation
[2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
[2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
[2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
[2349] Novell GroupWise up to 7.0 on Windows API Email unknown vulnerability
[2325] Microsoft Excel up to 2003 Hyperlink hlink.dll memory corruption
[2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
[2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
[2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
[2294] Microsoft Word up to 2003 DOC Document privilege escalation
[2263] Cisco VPN Client up to 4.8.01.0300 on Windows privilege escalation
[2253] Microsoft Word up to 2003 privilege escalation
[2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
[2190] Microsoft Office 2003 mailto URI unknown vulnerability
[2084] Microsoft Excel 95/97/2000/2002/2003 File memory corruption
[2083] Microsoft Office up to XP Routing Slip memory corruption
[2075] Microsoft Visual Studio 6 dbp File memory corruption
[2053] Microsoft Office/Visio/Project 2003 Korean Input Method Editor privilege escalation
[2052] Microsoft PowerPoint 2000 HTML Rendering information disclosure
[1975] PostgreSQL up to 8.1.1 on Windows Multiple Connection denial of service
[1971] Microsoft Visual Studio 2005 Form Loader load memory corruption
[1964] Microsoft Exchange 5/5.5/2000 Email memory corruption
[1963] Microsoft Outlook 2000/2002/2003 TNEF MIME Attachment Integer Coercion Error
[1947] PHP 4.3.10/4.4.0/4.4.1/4.4.2 on Windows mysql_connect memory corruption
[1928] Microsoft IIS 5.1 Virtual Directory privilege escalation
[1790] Microsoft Exchange 2000 SMTP Collaboration Data Object memory corruption
[1737] Microsoft Exchange 2003 IMAP4 Service Store.exe denial of service
[1704] Microsoft IIS 5.1/6 privilege escalation
[1699] Veritas Backup Exec up to 8.6 on Windows unknown vulnerability
[1697] Novell eDirectory 8.7.3 on Windows iMonitor memory corruption
[1669] Microsoft Word 2000 Shared Sections denial of service
[1668] Microsoft PowerPoint 2000 Shared Sections denial of service
[1667] Microsoft Outlook 2000 Shared Sections denial of service
[1666] Microsoft Office 2000 Shared Sections denial of service
[1665] Microsoft Excel 2000 Shared Sections denial of service
[1664] Microsoft Access 2000 Shared Sections denial of service
[1644] Sun MySQL up to 4.1.9 on Windows denial of service
[1597] Microsoft Word 2000/2002 Font Parser memory corruption
[1571] Microsoft Exchange 5.5 Outlook Web Access cross site scripting
[1351] Microsoft Exchange 2000/2003 SMTP Service memory corruption
[1348] Microsoft MSN Messenger up to 7.0beta GIF Image memory corruption
[1273] Sun MySQL up to 4.1.9 on Windows MS DOS Device Name denial of service
[1269] Microsoft Exchange 2003 Sub-Directories Store.exe denial of service
[1210] IBM DB2 up to 8.1 FP8 on Windows unknown vulnerability
[1192] Microsoft Office 2000/2002/XP URL memory corruption
[1188] Microsoft Exchange 2003 Outlook Web Access owalogon.asp information disclosure
[1154] Microsoft Office RC4 IV unknown vulnerability
[981] Microsoft Proxy Server/ISA Server up to 2000 DNS Revese Lookup Cache weak authentication
[961] Microsoft ISA Server HTTP Keep-Alive weak authentication
[881] Microsoft Excel 2000/2001/2002 memory corruption
[877] Microsoft Word 2002 DOC Document denial of service
[865] IBM DB2 Universal Database 7.x/8.x on Windows memory corruption
[857] Microsoft SQL Server up to 7.0 SP4 memory corruption
[832] Microsoft WordPerfect memory corruption
[783] Microsoft Exchange 5.5 Outlook Web Access HTML Redirection cross site scripting
[762] Microsoft IIS 4.0 Redirect memory corruption
[751] Microsoft Word Email privilege escalation
[705] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[704] Microsoft ISA Server 2000 SP2 Web Proxy privilege escalation
[703] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[702] Microsoft ISA Server 2000 SP2 External HTTP Traffic weak encryption
[701] Microsoft ISA Server 2000 SP2 ICMP unknown vulnerability
[700] Trend Micro OfficeScan up to Corporate 5.58 Windows Help unknown vulnerability
[694] PHP up to 4.3.6 on Windows escapeshellcmd/escapeshellarg privilege escalation
[663] Microsoft Outlook 2003 RTF Document OLE Object containing privilege escalation
[652] Microsoft Outlook 2003 HTML Mail Reply privilege escalation
[649] Microsoft IIS information disclosure
[574] Trend Micro VirusWall up to 3.52 Build1466 on Windows /ishttpd/localweb/java/ directory traversal
[553] Microsoft Messenger 6.0/6.1 File Request information disclosure
[551] Microsoft Outlook 2002/XP mailto cross site scripting
[479] Microsoft Exchange 2003 Outlook Web Access information disclosure
[477] Microsoft ISA Server 2000 H.323 Filter memory corruption
[476] Microsoft ISA Server 2000 H.323/H.225.0/Q.931 memory corruption
[467] Microsoft IIS up to 6.0 privilege escalation
[459] Microsoft IIS 5.0 Configuration
[419] Microsoft Exchange 2003 Outlook Web Access information disclosure
[407] Microsoft Messenger up to 6.0 MSG Message unknown vulnerability
[385] Microsoft Excel up to 2002 Macro Security memory corruption
[384] Microsoft Word 97/98/2000/2002 Macro Name memory corruption
[334] Microsoft Exchange 5.5 Outlook Web Access cross site scripting
[333] Microsoft Exchange 5.5/2000 SMTP Service memory corruption
[307] IBM DB2 Universal Database 7.x on Windows INVOKE memory corruption
[263] Microsoft Word 97/98/2000/2002 Macro privilege escalation
[262] Microsoft Office 97/2000/XP HTML memory corruption
[244] Sun MySQL 3/4 on Windows my.ini weak encryption
[233] Microsoft IIS 4.0/5.0/5.1 /.asp unknown vulnerability
[199] Microsoft MSDE/SQL Server 2000 LPC memory corruption
[198] Microsoft SQL Server 7/2000 Named Pipe privilege escalation
[197] Microsoft MSDE/SQL Server 7/2000 Named Pipe Session privilege escalation
[190] Microsoft IIS 6.0 Admin Interface weak authentication
[189] Microsoft IIS 6.0 Admin Interface weak authentication
[187] Microsoft IIS 6.0 Admin Interface cross site scripting
[183] Microsoft Messenger 6.0 Build 6.0.0501 Image Transfer memory corruption
[177] Microsoft ISA Proxy 2000 Error Site cross site scripting
[173] Microsoft SQL Server 7/2000 Index.PHP memory corruption
[159] Microsoft SQL Server on Win NT/2000/XP Named Pipe xp_fileexist unknown vulnerability
[157] Microsoft Exchange 5.5/2000 HTML Attachment cross site scripting
[86] Microsoft IIS 5.0/5.1 WebDAV denial of service
[85] Microsoft IIS 4.0/5.0 ASP Response.AddHeader memory corruption
[84] Microsoft IIS 5.0 Server Side Includes SSINC.DLL memory corruption
[83] Microsoft IIS 4.0/5.0/5.1 Error Message cross site scripting
[82] Microsoft IIS 4.0/5.0 nsiislog.dll denial of service
[62] Microsoft .NET Framework Passport unknown vulnerability
[43] Microsoft Outlook Express MHTML memory corruption
[15] Microsoft IIS 5.0 WebDav memory corruption
[12] Microsoft Outlook 2000/Express 6 window.PopUp privilege escalation
MITRE CVE - https://cve.mitre.org:
[CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
[CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
[CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
[CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
[CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
[CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
[CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
[CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
[CVE-2013-3127] The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."
[CVE-2013-2558] Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report.
[CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
[CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
[CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
[CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
[CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
[CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
[CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
[CVE-2013-1337] Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
[CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
[CVE-2013-1333] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
[CVE-2013-1313] Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
[CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
[CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
[CVE-2013-1299] Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.
[CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
[CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
[CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
[CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
[CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
[CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
[CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
[CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
[CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
[CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
[CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
[CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
[CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
[CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
[CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
[CVE-2013-0078] The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
[CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
[CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
[CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
[CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
[CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
[CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
[CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
[CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
[CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
[CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
[CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
[CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
[CVE-2012-2993] Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
[CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
[CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
[CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
[CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
[CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
[CVE-2012-2526] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability."
[CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
[CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
[CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
[CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
[CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
[CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
[CVE-2012-1868] Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
[CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
[CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
[CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
[CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
[CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
[CVE-2012-1853] Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability."
[CVE-2012-1852] Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability."
[CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
[CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
[CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
[CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
[CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
[CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
[CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
[CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
[CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
[CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
[CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
[CVE-2012-0176] Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
[CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
[CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
[CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
[CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
[CVE-2012-0164] Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."
[CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
[CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
[CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
[CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
[CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
[CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
[CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
[CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
[CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
[CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
[CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
[CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
[CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
[CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
[CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
[CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
[CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
[CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
[CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
[CVE-2011-3401] ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
[CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
[CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
[CVE-2011-3389] The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
[CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
[CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
[CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
[CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
[CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-2009] Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."
[CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
[CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
[CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
[CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
[CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
[CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
[CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
[CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
[CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
[CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
[CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
[CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
[CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
[CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
[CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
[CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
[CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1886] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability."
[CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
[CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
[CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
[CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
[CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
[CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
[CVE-2011-1713] Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
[CVE-2011-1652] ** DISPUTED ** The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems.
[CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
[CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
[CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
[CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
[CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
[CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
[CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
[CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
[CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
[CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
[CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
[CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
[CVE-2011-1243] The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."
[CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1068] Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.
[CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0673] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
[CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
[CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
[CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
[CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2011-0638] Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
[CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
[CVE-2011-0347] Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
[CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
[CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
[CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
[CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
[CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
[CVE-2011-0045] The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."
[CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
[CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
[CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
[CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
[CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
[CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
[CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
[CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
[CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
[CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
[CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
[CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
[CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
[CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
[CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
[CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
[CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
[CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
[CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
[CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
[CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
[CVE-2010-3973] The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
[CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
[CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
[CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
[CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
[CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
[CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
[CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
[CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
[CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
[CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
[CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
[CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
[CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
[CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
[CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
[CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
[CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
[CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
[CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
[CVE-2010-3225] Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
[CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
[CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
[CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
[CVE-2010-3145] Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."
[CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
[CVE-2010-3143] Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
[CVE-2010-3140] Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file.
[CVE-2010-3139] Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.
[CVE-2010-3138] Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
[CVE-2010-2745] Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
[CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
[CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
[CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
[CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
[CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
[CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
[CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
[CVE-2010-2731] Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
[CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
[CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
[CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
[CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
[CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
[CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
[CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
[CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
[CVE-2010-2553] The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
[CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
[CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
[CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
[CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
[CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
[CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
[CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
[CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
[CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
[CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
[CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
[CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
[CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
[CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
[CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
[CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-1888] Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
[CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
[CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
[CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
[CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
[CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
[CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1264] Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."
[CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
[CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allow local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
[CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
[CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
[CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1098] The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
[CVE-2010-1042] Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown
[CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
[CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
[CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
[CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
[CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
[CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
[CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0808] Microsoft Internet Explorer 6 and 7 on Windows XP and Vista do not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."
[CVE-2010-0805] The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
[CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
[CVE-2010-0718] Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file.
[CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
[CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
[CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
[CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
[CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
[CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
[CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
[CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
[CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
[CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
[CVE-2010-0379] Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
[CVE-2010-0378] Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."
[CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
[CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
[CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
[CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
[CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
[CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
[CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
[CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
[CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
[CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
[CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
[CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
[CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
[CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
[CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
[CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
[CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
[CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
[CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
[CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
[CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
[CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
[CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
[CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
[CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
[CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
[CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
[CVE-2010-0019] Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
[CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
[CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
[CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
[CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
[CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
[CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
[CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
[CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
[CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
[CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
[CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
[CVE-2009-3294] The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.
[CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
[CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
[CVE-2009-3019] Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.
[CVE-2009-2764] Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
[CVE-2009-2655] mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
[CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
[CVE-2009-2544] Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live (MPL) allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. (dot dot) in a pathname.
[CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
[CVE-2009-2527] Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
[CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
[CVE-2009-2525] Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
[CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
[CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
[CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
[CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
[CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
[CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
[CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
[CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
[CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
[CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
[CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
[CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
[CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
[CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
[CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
[CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
[CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
[CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
[CVE-2009-2499] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11
[CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
[CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
[CVE-2009-2484] Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
[CVE-2009-2357] The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
[CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
[CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
[CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
[CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
[CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
[CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
[CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
[CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
[CVE-2009-1920] The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
[CVE-2009-1808] Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
[CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
[CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
[CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
[CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
[CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
[CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
[CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
[CVE-2009-1532] Microsoft Internet Explorer 8 for Windows XP SP2 and SP3
[CVE-2009-1531] Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1530] Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1529] Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
[CVE-2009-1528] Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3
[CVE-2009-1511] GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (infinite loop) via a PNG file that contains a certain large btChunkLen value.
[CVE-2009-1335] Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr.
[CVE-2009-1331] Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
[CVE-2009-1217] Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow."
[CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
[CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
[CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
[CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
[CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
[CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
[CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
[CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
[CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
[CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
[CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
[CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
[CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
[CVE-2009-0555] Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
[CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
[CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
[CVE-2009-0341] The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
[CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
[CVE-2009-0244] Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder.
[CVE-2009-0243] Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device
[CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
[CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
[CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
[CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
[CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
[CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
[CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
[CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
[CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
[CVE-2009-0119] Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
[CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
[CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
[CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
[CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
[CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
[CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
[CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
[CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
[CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
[CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
[CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
[CVE-2008-6194] Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898.
[CVE-2008-5828] Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields.
[CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
[CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
[CVE-2008-5745] Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
[CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
[CVE-2008-5229] Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or cause a denial of service (system crash) via a large invalid PrefixLength to the CreateIpForwardEntry2 method, as demonstrated by a "route add" command. NOTE: this issue might not cross privilege boundaries.
[CVE-2008-5179] Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
[CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
[CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
[CVE-2008-4927] Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown
[CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
[CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
[CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
[CVE-2008-4609] The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
[CVE-2008-4510] Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
[CVE-2008-4327] gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237.
[CVE-2008-4323] Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file.
[CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
[CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
[CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
[CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
[CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
[CVE-2008-4127] Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.
[CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
[CVE-2008-4071] A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.
[CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
[CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
[CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
[CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
[CVE-2008-3957] The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument to the Save method. NOTE: the provenance of this information is unknown
[CVE-2008-3893] Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
[CVE-2008-3815] Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors.
[CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
[CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
[CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
[CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
[CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
[CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
[CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
[CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
[CVE-2008-3010] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
[CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
[CVE-2008-3008] Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
[CVE-2008-2547] Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.
[CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
[CVE-2008-2253] Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."
[CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
[CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
[CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
[CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
[CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
[CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
[CVE-2008-2160] Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
[CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
[CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
[CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
[CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
[CVE-2008-1453] The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
[CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
[CVE-2008-1448] The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
[CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
[CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
[CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
[CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
[CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
[CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
[CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
[CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
[CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
[CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
[CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-0951] Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
[CVE-2008-0322] The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.
[CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
[CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
[CVE-2008-0084] Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.
[CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
[CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
[CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
[CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
[CVE-2007-6401] Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
[CVE-2007-6332] The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
[CVE-2007-6236] Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
[CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
[CVE-2007-5634] Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors.
[CVE-2007-5633] Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTL_RDMSR 0x9C402438 and (2) IOCTL_WRMSR 0x9C40243C IOCTLs to \Device\speedfan, as demonstrated by an IOCTL_WRMSR action on MSR_LSTAR.
[CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
[CVE-2007-5460] Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
[CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
[CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
[CVE-2007-5350] Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
[CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
[CVE-2007-5145] Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347.
[CVE-2007-5133] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
[CVE-2007-5095] Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expect to run, as demonstrated by the HTMLView parameter in an .asx file.
[CVE-2007-4414] Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
[CVE-2007-4288] Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
[CVE-2007-4247] Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
[CVE-2007-4227] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
[CVE-2007-3958] Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
[CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
[CVE-2007-3897] Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
[CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
[CVE-2007-3826] Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
[CVE-2007-3724] The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
[CVE-2007-3671] Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
[CVE-2007-3463] ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account."
[CVE-2007-3436] Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
[CVE-2007-3406] Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag
[CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
[CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
[CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
[CVE-2007-3038] The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
[CVE-2007-3037] Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
[CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
[CVE-2007-3035] Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."
[CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
[CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
[CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
[CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
[CVE-2007-2966] Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
[CVE-2007-2815] The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
[CVE-2007-2730] Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
[CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
[CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
[CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
[CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
[CVE-2007-2237] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
[CVE-2007-2229] Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."
[CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
[CVE-2007-2227] The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
[CVE-2007-2225] A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
[CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
[CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
[CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
[CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
[CVE-2007-1973] Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
[CVE-2007-1946] Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.
[CVE-2007-1912] Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
[CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
[CVE-2007-1763] The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
[CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
[CVE-2007-1692] The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
[CVE-2007-1658] Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
[CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
[CVE-2007-1644] The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
[CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
[CVE-2007-1535] Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
[CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
[CVE-2007-1533] The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.
[CVE-2007-1532] The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.
[CVE-2007-1531] Microsoft Windows XP and Vista overwrite ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
[CVE-2007-1530] The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.
[CVE-2007-1529] The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
[CVE-2007-1528] The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.
[CVE-2007-1527] The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.
[CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
[CVE-2007-1499] Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
[CVE-2007-1492] winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.
[CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
[CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
[CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
[CVE-2007-1209] Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
[CVE-2007-1206] The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0
[CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
[CVE-2007-1204] Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
[CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
[CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
[CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
[CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
[CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0878] Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
[CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
[CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
[CVE-2007-0675] A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
[CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
[CVE-2007-0562] Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.
[CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
[CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
[CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
[CVE-2007-0210] The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
[CVE-2007-0084] ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
[CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
[CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
[CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
[CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2007-0045] Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
[CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
[CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
[CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
[CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
[CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
[CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
[CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
[CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
[CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
[CVE-2006-7206] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
[CVE-2006-7066] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
[CVE-2006-6902] Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
[CVE-2006-6901] Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
[CVE-2006-6797] The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
[CVE-2006-6753] Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
[CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request.
[CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
[CVE-2006-6659] The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
[CVE-2006-6602] explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.
[CVE-2006-6601] Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks or (2) time division fields that are set to 0.
[CVE-2006-6579] Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
[CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
[CVE-2006-6252] Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
[CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
[CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
[CVE-2006-5745] Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
[CVE-2006-5614] Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
[CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
[CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
[CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
[CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
[CVE-2006-5448] The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
[CVE-2006-5270] Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
[CVE-2006-5028] Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
[CVE-2006-4868] Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
[CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
[CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
[CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
[CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
[CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
[CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
[CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
[CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
[CVE-2006-4138] Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.
[CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
[CVE-2006-4066] The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
[CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
[CVE-2006-3944] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
[CVE-2006-3943] Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
[CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
[CVE-2006-3915] Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.
[CVE-2006-3899] Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
[CVE-2006-3898] Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
[CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
[CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
[CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
[CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
[CVE-2006-3730] Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
[CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
[CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
[CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
[CVE-2006-3471] Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
[CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (.cbo, .cbl, or .cbm), a different issue than CVE-2005-1212.
[CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
[CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
[CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
[CVE-2006-3442] Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
[CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
[CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
[CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
[CVE-2006-3209] ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation.
[CVE-2006-2766] Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
[CVE-2006-2386] Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
[CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
[CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
[CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
[CVE-2006-2376] Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertex counts array and number of polygons that triggers a heap-based buffer overflow.
[CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
[CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
[CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
[CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
[CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
[CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
[CVE-2006-2218] Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
[CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
[CVE-2006-2056] Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
[CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
[CVE-2006-1591] Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
[CVE-2006-1510] Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
[CVE-2006-1476] Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program.
[CVE-2006-1475] Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
[CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
[CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.
[CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
[CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
[CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
[CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
[CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
[CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
[CVE-2006-0561] Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
[CVE-2006-0143] Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
[CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
[CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
[CVE-2006-0025] Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
[CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
[CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
[CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
[CVE-2006-0014] Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
[CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
[CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
[CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
[CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
[CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
[CVE-2006-0005] Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
[CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
[CVE-2005-4560] The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
[CVE-2005-4360] The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
[CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
[CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
[CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
[CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
[CVE-2005-3595] By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
[CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
[CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
[CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
[CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
[CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
[CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
[CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
[CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
[CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
[CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
[CVE-2005-2940] Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935.
[CVE-2005-2935] Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940.
[CVE-2005-2388] Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
[CVE-2005-2307] netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
[CVE-2005-2128] QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
[CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
[CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
[CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
[CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
[CVE-2005-1987] Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
[CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
[CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
[CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
[CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
[CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
[CVE-2005-1980] Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."
[CVE-2005-1979] Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
[CVE-2005-1978] COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
[CVE-2005-1793] User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
[CVE-2005-1219] Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
[CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
[CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
[CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
[CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
[CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
[CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
[CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
[CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
[CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
[CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
[CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
[CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
[CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
[CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
[CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
[CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
[CVE-2004-2454] aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
[CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
[CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
[CVE-2004-2307] Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
[CVE-2004-2291] Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
[CVE-2004-2290] Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
[CVE-2004-2289] Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
[CVE-2004-2176] The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
[CVE-2004-1889] Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows.
[CVE-2004-1325] The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
[CVE-2004-1324] The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
[CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
[CVE-2004-1049] Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
[CVE-2004-0901] Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
[CVE-2004-0900] The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
[CVE-2004-0899] The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
[CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
[CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
[CVE-2004-0727] Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
[CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
[CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
[CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
[CVE-2004-0571] Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
[CVE-2004-0569] The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
[CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
[CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
[CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
[CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
[CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
[CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
[CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
[CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
[CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
[CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
[CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
[CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
[CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
[CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
[CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
[CVE-2003-1107] The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
[CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
[CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
[CVE-2003-0907] Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
[CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
[CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
[CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
[CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
[CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
[CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
[CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
[CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
[CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
[CVE-2003-0604] Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
[CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
[CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
[CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
[CVE-2003-0349] Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
[CVE-2003-0348] A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
[CVE-2003-0346] Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
[CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
[CVE-2003-0228] Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
[CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
[CVE-2003-0111] The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
[CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
[CVE-2003-0009] Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
[CVE-2003-0004] Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
[CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
[CVE-2002-2283] Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
[CVE-2002-2117] Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
[CVE-2002-2105] Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
[CVE-2002-2073] Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
[CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
[CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
[CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
[CVE-2002-1847] Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
[CVE-2002-1844] Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
[CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
[CVE-2002-1692] Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
[CVE-2002-1670] Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
[CVE-2002-1327] Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
[CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
[CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
[CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
[CVE-2002-1183] Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
[CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
[CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
[CVE-2002-1139] The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
[CVE-2002-0864] The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
[CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
[CVE-2002-0862] The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
[CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
[CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
[CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
[CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
[CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
[CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
[CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
[CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
[CVE-2002-0615] The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
[CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
[CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
[CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
[CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
[CVE-2002-0372] Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
[CVE-2002-0370] Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
[CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
[CVE-2002-0151] Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
[CVE-2002-0136] Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
[CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
[CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
[CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
[CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
[CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
[CVE-2001-1200] Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
[CVE-2001-1055] The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
[CVE-2001-0909] Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
[CVE-2001-0719] Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
[CVE-2001-0541] Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
[CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
[CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
[CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
[CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
[CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
[CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
[CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
[CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
[CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
[CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
[CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
[CVE-2001-0242] Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.
[CVE-2001-0047] The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.
[CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
[CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
[CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
[CVE-2000-1113] Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
[CVE-2000-1112] Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
[CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
[CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
[CVE-2000-0929] Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
[CVE-2000-0858] Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
[CVE-2000-0849] Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
[CVE-2000-0790] The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
[CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
[CVE-2000-0742] The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
[CVE-2000-0653] Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
[CVE-2000-0495] Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
[CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
[CVE-2000-0228] Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
[CVE-2000-0216] Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
[CVE-2000-0168] Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
[CVE-2000-0089] The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
[CVE-1999-1291] TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.
[CVE-1999-0749] Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
[CVE-1999-0681] Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
[CVE-1999-0386] Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
[CVE-1999-0288] The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
[CVE-1999-0012] Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
[CVE-2013-5025] Unspecified vulnerability in an ActiveX control in the Help subsystem in National Instruments LabWindows/CVI before 2013 has unknown impact and remote attack vectors.
[CVE-2013-5023] Unspecified vulnerability in an ActiveX control in the HelpAsst component in NI Help Links in National Instruments LabWindows/CVI, LabVIEW, and other products has unknown impact and remote attack vectors.
[CVE-2013-5022] Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI, LabVIEW, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method.
[CVE-2013-5021] Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI, National Instruments LabVIEW, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
[CVE-2013-4669] FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android
[CVE-2013-4015] Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
[CVE-2013-3956] The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003
[CVE-2013-3697] Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.
[CVE-2013-3393] The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117.
[CVE-2013-3347] Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
[CVE-2013-3345] Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2013-3344] Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2013-3343] Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x
[CVE-2013-3335] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3334] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3333] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3332] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3331] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3330] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3329] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3328] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3327] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3326] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3325] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3324] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-3178] Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."
[CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
[CVE-2013-3166] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.
[CVE-2013-3164] Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3163] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
[CVE-2013-3162] Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.
[CVE-2013-3161] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.
[CVE-2013-3153] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.
[CVE-2013-3152] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.
[CVE-2013-3151] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.
[CVE-2013-3150] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.
[CVE-2013-3149] Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3148] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.
[CVE-2013-3147] Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3146] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.
[CVE-2013-3145] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.
[CVE-2013-3144] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.
[CVE-2013-3143] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
[CVE-2013-3142] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139.
[CVE-2013-3141] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.
[CVE-2013-3139] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142.
[CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
[CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
[CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
[CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
[CVE-2013-3129] Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5
[CVE-2013-3126] Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."
[CVE-2013-3125] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120.
[CVE-2013-3124] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122.
[CVE-2013-3123] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.
[CVE-2013-3122] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124.
[CVE-2013-3121] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3120] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.
[CVE-2013-3119] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114.
[CVE-2013-3118] Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125.
[CVE-2013-3117] Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124.
[CVE-2013-3116] Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
[CVE-2013-3115] Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3162.
[CVE-2013-3114] Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119.
[CVE-2013-3113] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3112] Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.
[CVE-2013-3111] Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.
[CVE-2013-3110] Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.
[CVE-2013-3028] Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via unspecified vectors.
[CVE-2013-2977] Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.
[CVE-2013-2874] Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
[CVE-2013-2867] Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
[CVE-2013-2854] Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
[CVE-2013-2728] Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x
[CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
[CVE-2013-2555] Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x
[CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
[CVE-2013-2496] The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.
[CVE-2013-2492] Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
[CVE-2013-2451] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
[CVE-2013-2310] SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.
[CVE-2013-2306] The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site.
[CVE-2013-2303] Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors.
[CVE-2013-2268] Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."
[CVE-2013-1715] Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.
[CVE-2013-1712] Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.
[CVE-2013-1700] The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location.
[CVE-2013-1673] The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."
[CVE-2013-1672] The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.
[CVE-2013-1610] Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory.
[CVE-2013-1609] Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program.
[CVE-2013-1489] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
[CVE-2013-1451] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
[CVE-2013-1450] Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
[CVE-2013-1406] The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
[CVE-2013-1380] Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x
[CVE-2013-1379] Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x
[CVE-2013-1378] Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x
[CVE-2013-1375] Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x
[CVE-2013-1374] Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1373] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1372] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1371] Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x
[CVE-2013-1370] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1369] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1368] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1367] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1366] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1365] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
[CVE-2013-1346] mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
[CVE-2013-1338] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.
[CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
[CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
[CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
[CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
[CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
[CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
[CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
[CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
[CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
[CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
[CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
[CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
[CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
[CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
[CVE-2013-1312] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1311] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1310] Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
[CVE-2013-1309] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.
[CVE-2013-1308] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551.
[CVE-2013-1307] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811.
[CVE-2013-1306] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.
[CVE-2013-1304] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338.
[CVE-2013-1303] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338.
[CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
[CVE-2013-1301] Microsoft Visio 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
[CVE-2013-1297] Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
[CVE-2013-1296] The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
[CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
[CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
[CVE-2013-1288] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
[CVE-2013-1282] The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."
[CVE-2013-1192] The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
[CVE-2013-1092] Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe.
[CVE-2013-1087] Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.
[CVE-2013-0931] EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration.
[CVE-2013-0900] Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0899] Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.
[CVE-2013-0898] Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
[CVE-2013-0897] Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
[CVE-2013-0896] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0894] Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.
[CVE-2013-0893] Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
[CVE-2013-0892] Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
[CVE-2013-0891] Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
[CVE-2013-0890] Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.
[CVE-2013-0889] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
[CVE-2013-0888] Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."
[CVE-2013-0887] The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.
[CVE-2013-0885] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
[CVE-2013-0884] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
[CVE-2013-0883] Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
[CVE-2013-0882] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters.
[CVE-2013-0881] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
[CVE-2013-0880] Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases.
[CVE-2013-0879] Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
[CVE-2013-0840] Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
[CVE-2013-0830] The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
[CVE-2013-0811] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307.
[CVE-2013-0799] Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments.
[CVE-2013-0683] The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command.
[CVE-2013-0682] Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed data in a formatted text command, leading to out-of-bounds access to (1) heap or (2) stack memory.
[CVE-2013-0681] Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command.
[CVE-2013-0680] Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.
[CVE-2013-0650] Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x
[CVE-2013-0649] Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0648] Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
[CVE-2013-0647] Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0646] Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x
[CVE-2013-0645] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0644] Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0643] The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
[CVE-2013-0642] Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0639] Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0638] Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0637] Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x
[CVE-2013-0634] Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
[CVE-2013-0633] Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
[CVE-2013-0630] Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x
[CVE-2013-0572] Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
[CVE-2013-0571] Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
[CVE-2013-0541] Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Windows, when a localOS registry is used in conjunction with WebSphere Identity Manager (WIM), allows local users to cause a denial of service (daemon crash) via unspecified vectors.
[CVE-2013-0504] Buffer overflow in the broker service in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2013-0240] Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
[CVE-2013-0111] daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.
[CVE-2013-0110] nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program.
[CVE-2013-0109] The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
[CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
[CVE-2013-0094] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."
[CVE-2013-0093] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."
[CVE-2013-0092] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."
[CVE-2013-0091] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
[CVE-2013-0090] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
[CVE-2013-0089] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."
[CVE-2013-0088] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."
[CVE-2013-0087] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
[CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
[CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
[CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
[CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
[CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
[CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
[CVE-2013-0074] Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
[CVE-2013-0030] The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
[CVE-2013-0029] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
[CVE-2013-0028] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability."
[CVE-2013-0027] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
[CVE-2013-0026] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
[CVE-2013-0025] Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
[CVE-2013-0024] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
[CVE-2013-0023] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
[CVE-2013-0022] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
[CVE-2013-0021] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
[CVE-2013-0020] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
[CVE-2013-0019] Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."
[CVE-2013-0018] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability."
[CVE-2013-0015] Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability."
[CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
[CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
[CVE-2013-0007] Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
[CVE-2013-0006] Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
[CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
[CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
[CVE-2012-6533] Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application.
[CVE-2012-6502] Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.
[CVE-2012-5678] Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x
[CVE-2012-5677] Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x
[CVE-2012-5676] Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x
[CVE-2012-5673] Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
[CVE-2012-5459] Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a "system folder."
[CVE-2012-5458] VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application.
[CVE-2012-5429] The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
[CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
[CVE-2012-5382] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the choice of C:\ (and the resulting unsafe PATH) is established by an administrative action that is not a default part of the Zend Server installation.
[CVE-2012-5381] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the PHP installation.
[CVE-2012-5380] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation.
[CVE-2012-5379] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation.
[CVE-2012-5378] Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.
[CVE-2012-5377] Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.
[CVE-2012-5287] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5286] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5285] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5280] Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5279] Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5278] Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5277] Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5276] Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5275] Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5274] Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x
[CVE-2012-5272] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5271] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5270] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5269] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5268] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5267] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5266] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5265] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5264] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5263] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5262] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5261] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5260] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5259] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5258] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5257] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5256] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5255] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5254] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5253] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5252] Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5251] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5250] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5249] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5248] Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x
[CVE-2012-5154] Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
[CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
[CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
[CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
[CVE-2012-4787] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."
[CVE-2012-4782] Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
[CVE-2012-4781] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
[CVE-2012-4777] The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
[CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
[CVE-2012-4775] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
[CVE-2012-4363] Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems."
[CVE-2012-4350] Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors.
[CVE-2012-4349] Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.
[CVE-2012-4337] Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.
[CVE-2012-4206] Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
[CVE-2012-4171] Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4168] Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4167] Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4165] Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4164] Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4163] Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x
[CVE-2012-4160] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159.
[CVE-2012-4159] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4160.
[CVE-2012-4158] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4157] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4156] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4155] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4154] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4153] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4152] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4151] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4150] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4149] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4148] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4147] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-4145] Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
[CVE-2012-4144] Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.
[CVE-2012-4143] Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.
[CVE-2012-4142] Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
[CVE-2012-3974] Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
[CVE-2012-3569] Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
[CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
[CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
[CVE-2012-3324] Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
[CVE-2012-2972] The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request.
[CVE-2012-2971] The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request.
[CVE-2012-2860] The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
[CVE-2012-2858] Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.
[CVE-2012-2857] Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
[CVE-2012-2856] The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
[CVE-2012-2855] Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
[CVE-2012-2854] Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
[CVE-2012-2853] The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
[CVE-2012-2852] The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document.
[CVE-2012-2851] Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
[CVE-2012-2850] Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.
[CVE-2012-2849] Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
[CVE-2012-2848] The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.
[CVE-2012-2847] Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site.
[CVE-2012-2816] Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
[CVE-2012-2764] Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
[CVE-2012-2557] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
[CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
[CVE-2012-2550] Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."
[CVE-2012-2549] The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."
[CVE-2012-2548] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
[CVE-2012-2546] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
[CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
[CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
[CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
[CVE-2012-2532] Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."
[CVE-2012-2531] Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
[CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
[CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
[CVE-2012-2523] Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."
[CVE-2012-2522] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
[CVE-2012-2521] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."
[CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
[CVE-2012-2493] The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
[CVE-2012-2376] Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
[CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
[CVE-2012-2287] The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
[CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
[CVE-2012-2273] Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value.
[CVE-2012-2051] Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
[CVE-2012-2050] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-2049] Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-2040] Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2039] Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2038] Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2037] Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2036] Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2035] Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2034] Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X
[CVE-2012-2006] Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.
[CVE-2012-2005] Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2012-2004] Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
[CVE-2012-2003] Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
[CVE-2012-1943] Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.
[CVE-2012-1942] The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
[CVE-2012-1925] Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.
[CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
[CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
[CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
[CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
[CVE-2012-1889] Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
[CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
[CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
[CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
[CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
[CVE-2012-1882] Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability."
[CVE-2012-1881] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
[CVE-2012-1880] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
[CVE-2012-1879] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."
[CVE-2012-1878] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
[CVE-2012-1877] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
[CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
[CVE-2012-1875] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
[CVE-2012-1874] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
[CVE-2012-1873] Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."
[CVE-2012-1872] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
[CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
[CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
[CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
[CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
[CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
[CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
[CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
[CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
[CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
[CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-1821] The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
[CVE-2012-1747] Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746.
[CVE-2012-1746] Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747.
[CVE-2012-1662] CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
[CVE-2012-1620] slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
[CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
[CVE-2012-1539] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
[CVE-2012-1538] Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
[CVE-2012-1535] Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
[CVE-2012-1529] Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
[CVE-2012-1526] Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
[CVE-2012-1525] Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2012-1524] Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
[CVE-2012-1523] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
[CVE-2012-1522] Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
[CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1458] The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
[CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
[CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
[CVE-2012-1441] The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1438] The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations.
[CVE-2012-1437] The Microsoft Office file parser in Comodo Antivirus 7425 allows remote attackers to bypass malware detection via an Office file with a \50\4B\53\70\58 character sequence at a certain location.
[CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1432] The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
[CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-0779] Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux
[CVE-2012-0773] The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux
[CVE-2012-0772] An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
[CVE-2012-0769] Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0768] The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0767] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0756] Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0755] Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0754] Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0753] Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0752] Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris
[CVE-2012-0751] The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2012-0733] IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
[CVE-2012-0713] Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
[CVE-2012-0669] Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
[CVE-2012-0667] Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.
[CVE-2012-0666] Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.
[CVE-2012-0664] Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.
[CVE-2012-0663] Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.
[CVE-2012-0584] The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.
[CVE-2012-0519] Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2012-0472] The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
[CVE-2012-0454] Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
[CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
[CVE-2012-0430] Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
[CVE-2012-0429] dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
[CVE-2012-0418] Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
[CVE-2012-0265] Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.
[CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
[CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
[CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
[CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
[CVE-2012-0172] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
[CVE-2012-0171] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
[CVE-2012-0170] Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."
[CVE-2012-0169] Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
[CVE-2012-0168] Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."
[CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
[CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
[CVE-2012-0162] Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
[CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
[CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
[CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0155] Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
[CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
[CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
[CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
[CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
[CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
[CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
[CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
[CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
[CVE-2012-0105] Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
[CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
[CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
[CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
[CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
[CVE-2012-0016] Untrusted search path vulnerability in Microsoft Expression Design
[CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
[CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
[CVE-2012-0012] Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
[CVE-2012-0011] Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
[CVE-2012-0010] Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."
[CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
[CVE-2012-0007] The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
[CVE-2011-5127] Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
[CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
[CVE-2011-5012] Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206 allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
[CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
[CVE-2011-4694] Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2011-4693] Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2011-4689] Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
[CVE-2011-4373] Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
[CVE-2011-4372] Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
[CVE-2011-4371] Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
[CVE-2011-4370] Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.
[CVE-2011-4369] Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
[CVE-2011-4187] Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.
[CVE-2011-4186] Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.
[CVE-2011-4185] The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.
[CVE-2011-3649] Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.
[CVE-2011-3640] ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
[CVE-2011-3516] Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
[CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
[CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
[CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
[CVE-2011-3413] Microsoft PowerPoint 2007 SP2
[CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
[CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
[CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
[CVE-2011-3404] Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."
[CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
[CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
[CVE-2011-3330] Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.
[CVE-2011-3310] The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
[CVE-2011-3260] Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
[CVE-2011-3251] Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
[CVE-2011-3247] Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
[CVE-2011-3243] Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
[CVE-2011-3185] gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
[CVE-2011-3098] Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
[CVE-2011-3072] Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
[CVE-2011-2986] Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.
[CVE-2011-2977] Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.
[CVE-2011-2836] Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
[CVE-2011-2822] Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
[CVE-2011-2806] Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2011-2779] Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
[CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2011-2678] The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
[CVE-2011-2664] Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.
[CVE-2011-2618] Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.
[CVE-2011-2617] Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.
[CVE-2011-2604] The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2602] The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2600] The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
[CVE-2011-2598] The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
[CVE-2011-2462] Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
[CVE-2011-2460] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
[CVE-2011-2459] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.
[CVE-2011-2458] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
[CVE-2011-2457] Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-2456] Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-2455] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2454] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2453] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2452] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2451] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2450] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
[CVE-2011-2445] Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
[CVE-2011-2444] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
[CVE-2011-2430] Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
[CVE-2011-2429] Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
[CVE-2011-2428] Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
[CVE-2011-2427] Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
[CVE-2011-2426] Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-2425] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
[CVE-2011-2424] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
[CVE-2011-2417] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
[CVE-2011-2416] Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
[CVE-2011-2415] Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
[CVE-2011-2414] Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
[CVE-2011-2383] Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
[CVE-2011-2382] Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
[CVE-2011-2300] Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
[CVE-2011-2143] IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain.
[CVE-2011-2140] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
[CVE-2011-2139] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
[CVE-2011-2138] Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
[CVE-2011-2137] Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
[CVE-2011-2136] Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
[CVE-2011-2135] Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
[CVE-2011-2134] Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
[CVE-2011-2130] Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
[CVE-2011-2110] Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.
[CVE-2011-2107] Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
[CVE-2011-2105] Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.
[CVE-2011-2104] Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2011-2103] Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2011-2102] Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
[CVE-2011-2101] Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
[CVE-2011-2100] Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.
[CVE-2011-2099] Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098.
[CVE-2011-2098] Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2099.
[CVE-2011-2097] Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2095.
[CVE-2011-2096] Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-2095] Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097.
[CVE-2011-2094] Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097.
[CVE-2011-2075] Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2011-2041] The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
[CVE-2011-2039] The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
[CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
[CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
[CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
[CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
[CVE-2011-2001] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
[CVE-2011-2000] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
[CVE-2011-1999] Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
[CVE-2011-1998] Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."
[CVE-2011-1997] Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."
[CVE-2011-1996] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
[CVE-2011-1995] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."
[CVE-2011-1993] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
[CVE-2011-1992] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
[CVE-2011-1990] Microsoft Excel 2007 SP2
[CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
[CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
[CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
[CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
[CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
[CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
[CVE-2011-1977] The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
[CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
[CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
[CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
[CVE-2011-1964] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."
[CVE-2011-1963] Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."
[CVE-2011-1962] Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
[CVE-2011-1961] The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
[CVE-2011-1960] Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
[CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
[CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
[CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
[CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
[CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
[CVE-2011-1847] IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
[CVE-2011-1846] IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
[CVE-2011-1845] Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.
[CVE-2011-1844] Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.
[CVE-2011-1821] IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.
[CVE-2011-1592] The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.
[CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
[CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1353] Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
[CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
[CVE-2011-1300] The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
[CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
[CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
[CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
[CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
[CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1275] Microsoft Excel 2002 SP3
[CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1271] The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
[CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
[CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1266] The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
[CVE-2011-1262] Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."
[CVE-2011-1261] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
[CVE-2011-1260] Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
[CVE-2011-1258] Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
[CVE-2011-1257] Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
[CVE-2011-1256] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
[CVE-2011-1255] The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
[CVE-2011-1254] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
[CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
[CVE-2011-1251] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
[CVE-2011-1250] Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
[CVE-2011-1246] Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
[CVE-2011-1245] Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
[CVE-2011-1244] Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
[CVE-2011-1223] Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.
[CVE-2011-1222] Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.
[CVE-2011-1215] Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
[CVE-2011-1103] The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
[CVE-2011-1102] Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2011-1056] The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
[CVE-2011-1003] Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.
[CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
[CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
[CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-0890] HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.
[CVE-2011-0866] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.
[CVE-2011-0817] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
[CVE-2011-0806] Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors.
[CVE-2011-0788] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.
[CVE-2011-0786] Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.
[CVE-2011-0770] Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
[CVE-2011-0757] IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
[CVE-2011-0754] The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.
[CVE-2011-0731] Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-0698] Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
[CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
[CVE-2011-0663] Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
[CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
[CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
[CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
[CVE-2011-0628] Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
[CVE-2011-0626] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.
[CVE-2011-0625] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.
[CVE-2011-0624] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.
[CVE-2011-0623] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.
[CVE-2011-0622] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.
[CVE-2011-0621] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.
[CVE-2011-0620] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.
[CVE-2011-0619] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.
[CVE-2011-0618] Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2011-0611] Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android
[CVE-2011-0610] The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
[CVE-2011-0609] Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris
[CVE-2011-0606] Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589.
[CVE-2011-0604] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.
[CVE-2011-0603] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567.
[CVE-2011-0602] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.
[CVE-2011-0600] The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.
[CVE-2011-0599] The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.
[CVE-2011-0598] Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602.
[CVE-2011-0596] The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602.
[CVE-2011-0595] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.
[CVE-2011-0594] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
[CVE-2011-0593] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.
[CVE-2011-0592] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
[CVE-2011-0591] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
[CVE-2011-0590] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
[CVE-2011-0589] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.
[CVE-2011-0588] Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.
[CVE-2011-0587] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.
[CVE-2011-0586] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
[CVE-2011-0585] Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565.
[CVE-2011-0579] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
[CVE-2011-0570] Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588.
[CVE-2011-0567] AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603.
[CVE-2011-0566] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603.
[CVE-2011-0565] Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585.
[CVE-2011-0564] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
[CVE-2011-0563] Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606.
[CVE-2011-0562] Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.
[CVE-2011-0537] Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.
[CVE-2011-0450] The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.
[CVE-2011-0346] Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
[CVE-2011-0290] The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
[CVE-2011-0258] Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.
[CVE-2011-0248] Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.
[CVE-2011-0247] Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.
[CVE-2011-0246] Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
[CVE-2011-0215] ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.
[CVE-2011-0214] CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
[CVE-2011-0208] QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
[CVE-2011-0192] Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
[CVE-2011-0191] Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
[CVE-2011-0170] Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
[CVE-2011-0168] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0167] The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
[CVE-2011-0165] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0164] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0156] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0155] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0154] WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0153] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0152] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0151] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0150] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0149] WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0148] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0147] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0146] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0145] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0144] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0143] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0142] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0141] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0140] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0139] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0138] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0137] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0136] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0135] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0134] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0133] WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0132] Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0131] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0130] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0129] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0128] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0127] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0126] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0125] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0124] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0123] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0122] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0121] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0120] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0119] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0118] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0117] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0116] Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0115] The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0114] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0113] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0112] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0111] WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
[CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
[CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
[CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
[CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
[CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
[CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0094] Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."
[CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
[CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
[CVE-2011-0071] Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
[CVE-2011-0058] Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
[CVE-2011-0038] Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
[CVE-2011-0036] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
[CVE-2011-0035] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
[CVE-2011-0029] Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
[CVE-2010-5184] ** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5183] ** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5182] ** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5181] ** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5180] ** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5179] ** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5178] ** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5177] ** DISPUTED ** Race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: the vendor disputes this issue because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5176] ** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5175] ** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5174] ** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5173] ** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5172] ** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5171] ** DISPUTED ** Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5170] ** DISPUTED ** Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5169] ** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5168] ** DISPUTED ** Race condition in Symantec Norton Internet Security 2010 17.5.0.127 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5167] ** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5166] ** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5165] ** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5164] ** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5163] ** DISPUTED ** Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5162] ** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5161] ** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 build 246 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5160] ** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5159] ** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5158] ** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5157] Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.
[CVE-2010-5156] ** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5155] ** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5154] ** DISPUTED ** Race condition in BitDefender Total Security 2010 13.0.20.347 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5153] ** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5152] ** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5151] ** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5150] ** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
[CVE-2010-5145] The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI.
[CVE-2010-5144] The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
[CVE-2010-5071] The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
[CVE-2010-4833] Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
[CVE-2010-4785] The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause a denial of service (ABEND) via a malformed LDAP extended operation that triggers certain comparisons involving the NULL operation OID.
[CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
[CVE-2010-4588] The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.
[CVE-2010-4587] Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module.
[CVE-2010-4466] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux
[CVE-2010-4451] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
[CVE-2010-4423] Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2010-4368] awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
[CVE-2010-4294] The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
[CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
[CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
[CVE-2010-4091] The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
[CVE-2010-3976] Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
[CVE-2010-3972] Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2010-3971] Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
[CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
[CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
[CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
[CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
[CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
[CVE-2010-3952] The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."
[CVE-2010-3951] Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."
[CVE-2010-3950] The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."
[CVE-2010-3949] Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."
[CVE-2010-3947] Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."
[CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
[CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
[CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
[CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
[CVE-2010-3886] The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
[CVE-2010-3826] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3824] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
[CVE-2010-3823] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
[CVE-2010-3822] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3821] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
[CVE-2010-3820] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3819] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3818] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.
[CVE-2010-3817] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3816] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
[CVE-2010-3813] The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4
[CVE-2010-3812] Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4
[CVE-2010-3811] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
[CVE-2010-3810] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.
[CVE-2010-3809] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3808] WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
[CVE-2010-3805] Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.
[CVE-2010-3804] The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
[CVE-2010-3803] Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
[CVE-2010-3785] Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
[CVE-2010-3769] The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
[CVE-2010-3734] The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
[CVE-2010-3732] The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
[CVE-2010-3658] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
[CVE-2010-3657] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.
[CVE-2010-3656] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.
[CVE-2010-3654] Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
[CVE-2010-3652] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.
[CVE-2010-3650] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.
[CVE-2010-3649] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3648] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3647] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3646] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3645] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3644] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3643] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3642] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3641] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3640] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
[CVE-2010-3639] Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
[CVE-2010-3637] An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
[CVE-2010-3636] Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
[CVE-2010-3632] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.
[CVE-2010-3630] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
[CVE-2010-3629] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
[CVE-2010-3628] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.
[CVE-2010-3627] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.
[CVE-2010-3626] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.
[CVE-2010-3625] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
[CVE-2010-3622] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
[CVE-2010-3621] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
[CVE-2010-3620] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
[CVE-2010-3619] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
[CVE-2010-3535] Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows.
[CVE-2010-3499] F-Secure Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that "the inability to catch these files are caused by lacking functionality rather than programming errors."
[CVE-2010-3498] AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
[CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
[CVE-2010-3496] McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
[CVE-2010-3487] Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
[CVE-2010-3460] Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL.
[CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
[CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
[CVE-2010-3348] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.
[CVE-2010-3346] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
[CVE-2010-3345] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
[CVE-2010-3343] Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2010-3342] Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
[CVE-2010-3340] Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
[CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
[CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
[CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
[CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
[CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
[CVE-2010-3331] Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-3330] Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
[CVE-2010-3329] mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-3328] Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-3327] The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
[CVE-2010-3326] Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-3325] Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
[CVE-2010-3268] The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
[CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
[CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
[CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
[CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
[CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
[CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
[CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
[CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
[CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
[CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
[CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
[CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
[CVE-2010-3228] The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
[CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
[CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
[CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
[CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
[CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
[CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
[CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
[CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
[CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
[CVE-2010-3195] Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
[CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
[CVE-2010-3181] Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.
[CVE-2010-3157] Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer.
[CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
[CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
[CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
[CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
[CVE-2010-3131] Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.
[CVE-2010-3111] Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
[CVE-2010-3101] Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
[CVE-2010-3069] Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
[CVE-2010-3008] Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
[CVE-2010-3005] Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.
[CVE-2010-3004] Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2010-3001] Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
[CVE-2010-3000] Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
[CVE-2010-2996] Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
[CVE-2010-2991] The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
[CVE-2010-2990] Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
[CVE-2010-2897] Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
[CVE-2010-2890] Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
[CVE-2010-2889] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
[CVE-2010-2888] Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.
[CVE-2010-2884] Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android
[CVE-2010-2883] Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
[CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
[CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
[CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
[CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
[CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
[CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
[CVE-2010-2730] Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."
[CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
[CVE-2010-2703] Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
[CVE-2010-2666] Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.
[CVE-2010-2665] Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
[CVE-2010-2661] Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.
[CVE-2010-2660] Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.
[CVE-2010-2659] Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
[CVE-2010-2657] Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
[CVE-2010-2594] Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
[CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
[CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
[CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
[CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
[CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
[CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
[CVE-2010-2561] Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
[CVE-2010-2560] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
[CVE-2010-2559] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
[CVE-2010-2558] Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
[CVE-2010-2557] Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-2556] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-2489] Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
[CVE-2010-2442] Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
[CVE-2010-2428] Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
[CVE-2010-2264] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document.
[CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
[CVE-2010-2212] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.
[CVE-2010-2211] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.
[CVE-2010-2210] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.
[CVE-2010-2209] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
[CVE-2010-2208] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2010-2207] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
[CVE-2010-2206] Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.
[CVE-2010-2205] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2010-2204] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
[CVE-2010-2202] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
[CVE-2010-2201] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.
[CVE-2010-2168] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.
[CVE-2010-2157] Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors.
[CVE-2010-2119] Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs.
[CVE-2010-2118] Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
[CVE-2010-2090] The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.
[CVE-2010-2088] ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
[CVE-2010-2085] The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
[CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
[CVE-2010-2083] Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.
[CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
[CVE-2010-2011] Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.
[CVE-2010-1991] Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
[CVE-2010-1988] Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.
[CVE-2010-1987] Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.
[CVE-2010-1986] Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.
[CVE-2010-1971] Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.
[CVE-2010-1970] Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors.
[CVE-2010-1969] Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2010-1968] Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.
[CVE-2010-1967] Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.
[CVE-2010-1966] Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors.
[CVE-2010-1965] Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.
[CVE-2010-1940] Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown
[CVE-2010-1939] Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
[CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
[CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1899] Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
[CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
[CVE-2010-1852] Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.
[CVE-2010-1824] Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
[CVE-2010-1805] Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.
[CVE-2010-1799] Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
[CVE-2010-1796] The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
[CVE-2010-1795] Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
[CVE-2010-1793] Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1792] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1791] Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
[CVE-2010-1790] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1789] Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
[CVE-2010-1788] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1787] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1786] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1785] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1784] The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1783] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1782] WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1780] Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4
[CVE-2010-1778] Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
[CVE-2010-1774] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[CVE-2010-1771] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.
[CVE-2010-1770] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."
[CVE-2010-1769] WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
[CVE-2010-1764] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
[CVE-2010-1763] Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
[CVE-2010-1762] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
[CVE-2010-1761] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.
[CVE-2010-1759] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.
[CVE-2010-1758] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.
[CVE-2010-1750] Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
[CVE-2010-1749] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
[CVE-2010-1728] Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
[CVE-2010-1681] Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
[CVE-2010-1508] Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
[CVE-2010-1489] The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
[CVE-2010-1423] Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
[CVE-2010-1422] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.
[CVE-2010-1421] The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
[CVE-2010-1419] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
[CVE-2010-1418] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
[CVE-2010-1417] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
[CVE-2010-1416] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
[CVE-2010-1415] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
[CVE-2010-1414] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
[CVE-2010-1413] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
[CVE-2010-1412] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
[CVE-2010-1410] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
[CVE-2010-1409] Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.
[CVE-2010-1408] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.
[CVE-2010-1406] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
[CVE-2010-1405] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
[CVE-2010-1404] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
[CVE-2010-1403] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
[CVE-2010-1402] Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
[CVE-2010-1401] Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
[CVE-2010-1400] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
[CVE-2010-1399] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
[CVE-2010-1398] WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
[CVE-2010-1397] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
[CVE-2010-1396] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
[CVE-2010-1395] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
[CVE-2010-1394] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
[CVE-2010-1393] The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.
[CVE-2010-1392] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
[CVE-2010-1391] Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
[CVE-2010-1390] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
[CVE-2010-1389] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
[CVE-2010-1387] Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
[CVE-2010-1385] Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
[CVE-2010-1384] Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
[CVE-2010-1383] CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
[CVE-2010-1322] The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.
[CVE-2010-1295] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.
[CVE-2010-1285] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.
[CVE-2010-1262] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
[CVE-2010-1261] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-1260] The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
[CVE-2010-1259] Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-1258] Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."
[CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
[CVE-2010-1256] Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
[CVE-2010-1254] The installation for Microsoft Open XML File Format Converter for Mac sets insecure ACLs for the /Applications folder, which allows local users to execute arbitrary code by replacing the executable with a Trojan Horse, aka "Mac Office Open XML Permissions Vulnerability."
[CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
[CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
[CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
[CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
[CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
[CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
[CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
[CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
[CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
[CVE-2010-1241] Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
[CVE-2010-1240] Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
[CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
[CVE-2010-1140] The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.
[CVE-2010-1138] The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
[CVE-2010-1131] JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
[CVE-2010-1127] Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
[CVE-2010-1119] Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1034] Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.
[CVE-2010-0925] cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.
[CVE-2010-0924] cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.
[CVE-2010-0903] Unspecified vulnerability in the Net Foundation Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.
[CVE-2010-0900] Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.
[CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
[CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
[CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
[CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
[CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
[CVE-2010-0816] Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1
[CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
[CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
[CVE-2010-0807] Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-0732] gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
[CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
[CVE-2010-0705] Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
[CVE-2010-0657] Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.
[CVE-2010-0652] Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.
[CVE-2010-0650] WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
[CVE-2010-0559] The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.
[CVE-2010-0558] The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.
[CVE-2010-0555] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
[CVE-2010-0544] Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
[CVE-2010-0536] Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.
[CVE-2010-0532] Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
[CVE-2010-0530] Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.
[CVE-2010-0529] Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.
[CVE-2010-0528] Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.
[CVE-2010-0527] Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
[CVE-2010-0494] Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
[CVE-2010-0492] Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2010-0491] Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2010-0490] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-0489] Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
[CVE-2010-0488] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
[CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
[CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
[CVE-2010-0284] Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
[CVE-2010-0267] Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
[CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
[CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
[CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
[CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
[CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
[CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
[CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
[CVE-2010-0255] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
[CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
[CVE-2010-0248] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2010-0247] Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-0246] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
[CVE-2010-0245] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
[CVE-2010-0244] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
[CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
[CVE-2010-0204] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.
[CVE-2010-0203] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.
[CVE-2010-0202] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.
[CVE-2010-0201] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.
[CVE-2010-0199] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.
[CVE-2010-0198] Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.
[CVE-2010-0197] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.
[CVE-2010-0196] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.
[CVE-2010-0195] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
[CVE-2010-0194] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.
[CVE-2010-0193] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.
[CVE-2010-0192] Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.
[CVE-2010-0191] Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
[CVE-2010-0190] Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-0161] The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.
[CVE-2010-0138] Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.
[CVE-2010-0120] Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.
[CVE-2010-0117] RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
[CVE-2010-0116] Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
[CVE-2010-0103] UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
[CVE-2010-0045] Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
[CVE-2010-0043] ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
[CVE-2010-0042] ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
[CVE-2010-0041] ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.
[CVE-2010-0040] Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
[CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
[CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
[CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
[CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
[CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
[CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
[CVE-2009-5092] Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-4764] Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
[CVE-2009-4741] Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
[CVE-2009-4654] Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
[CVE-2009-4653] Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.
[CVE-2009-4445] Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in creation of an empty .asp file, related to support for the NTFS Alternate Data Streams (ADS) filename syntax. NOTE: it could be argued that this is a vulnerability in the third-party product, not IIS, because the third-party product should be applying its extension restrictions to the portion of the filename before the colon.
[CVE-2009-4444] Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a
[CVE-2009-4378] The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
[CVE-2009-4324] Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
[CVE-2009-4186] Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
[CVE-2009-4118] The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
[CVE-2009-4074] The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
[CVE-2009-4073] The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
[CVE-2009-3959] Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
[CVE-2009-3958] Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
[CVE-2009-3957] Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.
[CVE-2009-3956] The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
[CVE-2009-3955] Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
[CVE-2009-3954] The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
[CVE-2009-3953] The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
[CVE-2009-3951] Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.
[CVE-2009-3943] Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property.
[CVE-2009-3936] Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
[CVE-2009-3902] Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
[CVE-2009-3885] Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.
[CVE-2009-3883] Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
[CVE-2009-3864] The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
[CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
[CVE-2009-3841] Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
[CVE-2009-3832] Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
[CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
[CVE-2009-3746] XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711.
[CVE-2009-3674] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
[CVE-2009-3673] Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-3672] Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
[CVE-2009-3671] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
[CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
[CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
[CVE-2009-3532] Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
[CVE-2009-3524] Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
[CVE-2009-3523] aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
[CVE-2009-3522] Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.
[CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
[CVE-2009-3384] Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
[CVE-2009-3344] Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3275] Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.
[CVE-2009-3270] Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
[CVE-2009-3267] Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
[CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
[CVE-2009-3243] Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
[CVE-2009-3177] Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
[CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
[CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
[CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
[CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
[CVE-2009-3099] Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2007-3872. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3098] Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a "Remote exploit," as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3097] Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3096] Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3089] IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3087] Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
[CVE-2009-3032] Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
[CVE-2009-3023] Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
[CVE-2009-3003] Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
[CVE-2009-2987] Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.
[CVE-2009-2975] Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.
[CVE-2009-2954] Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
[CVE-2009-2880] Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2879] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.
[CVE-2009-2878] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.
[CVE-2009-2877] Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2876] Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.
[CVE-2009-2875] Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.
[CVE-2009-2838] Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
[CVE-2009-2813] Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
[CVE-2009-2804] Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
[CVE-2009-2794] The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
[CVE-2009-2761] Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.
[CVE-2009-2717] The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
[CVE-2009-2711] XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.
[CVE-2009-2688] Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown
[CVE-2009-2681] Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges via unknown vectors.
[CVE-2009-2668] Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service (CPU consumption) via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232.
[CVE-2009-2628] The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
[CVE-2009-2576] Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
[CVE-2009-2536] Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
[CVE-2009-2531] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
[CVE-2009-2530] Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
[CVE-2009-2529] Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
[CVE-2009-2528] GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
[CVE-2009-2521] Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
[CVE-2009-2518] Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."
[CVE-2009-2512] The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
[CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
[CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
[CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
[CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
[CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
[CVE-2009-2479] Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
[CVE-2009-2445] Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI.
[CVE-2009-2433] Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
[CVE-2009-2420] Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.
[CVE-2009-2411] Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.
[CVE-2009-2350] Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
[CVE-2009-2261] PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
[CVE-2009-2069] Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
[CVE-2009-2064] Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
[CVE-2009-2057] Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
[CVE-2009-2027] The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.
[CVE-2009-1919] Microsoft Internet Explorer 5.01 SP4 and 6 SP1
[CVE-2009-1918] Microsoft Internet Explorer 5.01 SP4 and 6 SP1
[CVE-2009-1917] Microsoft Internet Explorer 6 SP1
[CVE-2009-1805] Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
[CVE-2009-1783] Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
[CVE-2009-1782] Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier
[CVE-2009-1761] The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error.
[CVE-2009-1716] CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
[CVE-2009-1707] Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.
[CVE-2009-1706] The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
[CVE-2009-1705] CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
[CVE-2009-1628] Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
[CVE-2009-1565] vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
[CVE-2009-1564] Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
[CVE-2009-1547] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
[CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
[CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
[CVE-2009-1535] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
[CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
[CVE-2009-1522] The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.
[CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
[CVE-2009-1473] The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."
[CVE-2009-1419] Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.0.0 through 2.52, 7.50, and 7.51 on Windows allows remote attackers to access DDMI agents via unknown vectors.
[CVE-2009-1394] Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.
[CVE-2009-1348] The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
[CVE-2009-1276] XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
[CVE-2009-1267] Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
[CVE-2009-1233] Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
[CVE-2009-1161] Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
[CVE-2009-1140] Microsoft Internet Explorer 5.01 SP4
[CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
[CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
[CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
[CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
[CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
[CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
[CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
[CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
[CVE-2009-1044] Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
[CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
[CVE-2009-0954] Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.
[CVE-2009-0944] The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
[CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
[CVE-2009-0894] Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information.
[CVE-2009-0893] Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the xvidcore library in Xvid before 1.2.2, as used by Windows Media Player and other applications, allow remote attackers to execute arbitrary code by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file that triggers heap memory corruption, related to a "missing resync marker range check" and the (1) decoder_iframe, (2) decoder_pframe, and (3) decoder_bframe functions.
[CVE-2009-0880] Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
[CVE-2009-0879] The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
[CVE-2009-0869] Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
[CVE-2009-0841] Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
[CVE-2009-0671] ** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating "The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional." CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions.
[CVE-2009-0655] Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
[CVE-2009-0647] msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service (application crash) via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header line. NOTE: this has been reported as a format string vulnerability by some sources, but the provenance of that information is unknown.
[CVE-2009-0612] Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
[CVE-2009-0601] Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
[CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
[CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
[CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
[CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
[CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
[CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
[CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
[CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
[CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
[CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
[CVE-2009-0537] Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD
[CVE-2009-0522] Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
[CVE-2009-0438] IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412.
[CVE-2009-0437] The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
[CVE-2009-0419] Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
[CVE-2009-0389] Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
[CVE-2009-0376] Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.
[CVE-2009-0375] Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.
[CVE-2009-0369] Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.
[CVE-2009-0321] Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
[CVE-2009-0282] Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
[CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
[CVE-2009-0237] Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE)
[CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
[CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
[CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
[CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
[CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
[CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
[CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
[CVE-2009-0208] Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2009-0199] Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
[CVE-2009-0162] Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
[CVE-2009-0137] Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."
[CVE-2009-0133] Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
[CVE-2009-0123] Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
[CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
[CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
[CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
[CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
[CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
[CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
[CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
[CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
[CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
[CVE-2009-0084] Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
[CVE-2009-0080] The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
[CVE-2009-0077] The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE)
[CVE-2009-0076] Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
[CVE-2009-0075] Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0072] Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
[CVE-2009-0016] Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
[CVE-2009-0008] Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
[CVE-2008-7295] Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
[CVE-2008-7292] Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
[CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
[CVE-2008-7211] CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-mode access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer.
[CVE-2008-7194] Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request.
[CVE-2008-7106] The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).
[CVE-2008-7105] Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.
[CVE-2008-7104] Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.
[CVE-2008-7064] Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
[CVE-2008-7037] The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.
[CVE-2008-6938] Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt.
[CVE-2008-6903] Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
[CVE-2008-6820] The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
[CVE-2008-6561] Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
[CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
[CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
[CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2008-5821] Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
[CVE-2008-5787] Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
[CVE-2008-5749] ** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."
[CVE-2008-5717] Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-5715] Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.
[CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
[CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
[CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
[CVE-2008-5439] Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.
[CVE-2008-5428] Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822
[CVE-2008-5424] The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822
[CVE-2008-5423] Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
[CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
[CVE-2008-5415] The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
[CVE-2008-5412] Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
[CVE-2008-5408] Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.
[CVE-2008-5407] Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
[CVE-2008-5326] The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
[CVE-2008-5315] Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
[CVE-2008-5181] Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.
[CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
[CVE-2008-5178] Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
[CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
[CVE-2008-5038] Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
[CVE-2008-5026] Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.
[CVE-2008-4946] convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.
[CVE-2008-4922] Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.
[CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
[CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4820] Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors.
[CVE-2008-4816] Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
[CVE-2008-4800] The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
[CVE-2008-4788] Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.
[CVE-2008-4787] Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many
[CVE-2008-4582] Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
[CVE-2008-4562] Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.
[CVE-2008-4544] Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a "processing error."
[CVE-2008-4540] Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
[CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
[CVE-2008-4473] Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
[CVE-2008-4450] Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown
[CVE-2008-4411] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
[CVE-2008-4381] Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
[CVE-2008-4324] The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.
[CVE-2008-4301] ** DISPUTED ** A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous.
[CVE-2008-4300] A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
[CVE-2008-4299] A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Component in iashlpr.dll allows remote attackers to cause a denial of service (browser crash) via a large integer value in the first argument to the PutProperty method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
[CVE-2008-4293] Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors in which Opera is launched by other applications.
[CVE-2008-4278] VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
[CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
[CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
[CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4260] Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2008-4259] Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
[CVE-2008-4258] Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."
[CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
[CVE-2008-4254] Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
[CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
[CVE-2008-4252] The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
[CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
[CVE-2008-4197] Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
[CVE-2008-4163] Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
[CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
[CVE-2008-4033] Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
[CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
[CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4029] Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
[CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
[CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
[CVE-2008-4020] Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
[CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
[CVE-2008-3973] Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
[CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
[CVE-2008-3897] DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
[CVE-2008-3851] Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php
[CVE-2008-3843] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
[CVE-2008-3842] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
[CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
[CVE-2008-3703] The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
[CVE-2008-3698] Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
[CVE-2008-3635] Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
[CVE-2008-3630] mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
[CVE-2008-3628] Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
[CVE-2008-3623] Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
[CVE-2008-3615] ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
[CVE-2008-3614] Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
[CVE-2008-3539] Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02 and earlier, HPSI IBM Tivoli Dir Connector 1.02 and earlier, HPSI TOPSecret Connector 2.22.001 and earlier, HPSI RACF Connector 1.12.001 and earlier, HPSI ACF2 Connector 1.02 and earlier, HPSI OpenLDAP Connector 1.02 and earlier, and HPSI BiDir DirX Connector 1.00.003 and earlier, allows local users to obtain sensitive information via unknown vectors.
[CVE-2008-3538] Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the initial description of this CVE was inadvertently associated with libxml2, but it should be for HP Enterprise Discovery.
[CVE-2008-3493] vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.
[CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
[CVE-2008-3476] Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."
[CVE-2008-3475] Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2008-3474] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."
[CVE-2008-3473] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
[CVE-2008-3472] Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."
[CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
[CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
[CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3459] Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
[CVE-2008-3365] Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
[CVE-2008-3363] Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
[CVE-2008-3173] Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866.
[CVE-2008-3158] Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
[CVE-2008-3079] Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
[CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
[CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
[CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
[CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
[CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
[CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
[CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
[CVE-2008-2959] Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
[CVE-2008-2949] Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
[CVE-2008-2948] Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
[CVE-2008-2947] Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
[CVE-2008-2908] Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value of the (1) operation, (2) printer-url, or (3) target-frame parameter. NOTE: some of these details are obtained from third party information.
[CVE-2008-2894] Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
[CVE-2008-2841] Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
[CVE-2008-2821] Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
[CVE-2008-2810] Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
[CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
[CVE-2008-2747] No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values.
[CVE-2008-2703] Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
[CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
[CVE-2008-2430] Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
[CVE-2008-2427] Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
[CVE-2008-2400] Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors.
[CVE-2008-2326] mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
[CVE-2008-2325] QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
[CVE-2008-2307] Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
[CVE-2008-2306] Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
[CVE-2008-2259] Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
[CVE-2008-2258] Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.
[CVE-2008-2257] Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.
[CVE-2008-2256] Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2008-2255] Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2008-2254] Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
[CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
[CVE-2008-2163] Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."
[CVE-2008-2161] Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
[CVE-2008-2159] Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
[CVE-2008-2158] Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
[CVE-2008-2157] robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
[CVE-2008-2143] Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.
[CVE-2008-2099] Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
[CVE-2008-2010] Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2008-1998] The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
[CVE-2008-1932] Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allows local users to execute arbitrary code via a crafted IOCTL request.
[CVE-2008-1931] Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before 6.0.1.5605 on Windows Vista allow local users to create, write, and read registry keys via a crafted IOCTL request.
[CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
[CVE-2008-1709] Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
[CVE-2008-1667] The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified opcode.
[CVE-2008-1663] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2008-1625] aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
[CVE-2008-1611] Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
[CVE-2008-1581] Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
[CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
[CVE-2008-1545] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
[CVE-2008-1544] The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
[CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
[CVE-2008-1442] Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."
[CVE-2008-1438] Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
[CVE-2008-1437] Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
[CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
[CVE-2008-1402] MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to cause a (1) denial of service (exception and crash) via a UDP packet to the SNMP Trap Service (MgWTrap3.exe) or (2) denial of service (device freeze or memory consumption) via a malformed request to the Net Inspector Server (niengine).
[CVE-2008-1401] Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
[CVE-2008-1400] Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
[CVE-2008-1368] CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection.
[CVE-2008-1363] VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
[CVE-2008-1362] VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
[CVE-2008-1361] VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
[CVE-2008-1337] The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message.
[CVE-2008-1330] Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the attacker.
[CVE-2008-1299] Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown
[CVE-2008-1280] Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
[CVE-2008-1204] Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
[CVE-2008-1201] Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.
[CVE-2008-1200] Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
[CVE-2008-1118] Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
[CVE-2008-1117] Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
[CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
[CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
[CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
[CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
[CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
[CVE-2008-1085] Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
[CVE-2008-1024] Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.
[CVE-2008-1023] Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
[CVE-2008-1021] Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.
[CVE-2008-1020] Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.
[CVE-2008-1001] Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
[CVE-2008-0768] Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
[CVE-2008-0766] Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of these details are obtained from third party information.
[CVE-2008-0764] Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
[CVE-2008-0663] Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.
[CVE-2008-0662] The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
[CVE-2008-0639] Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
[CVE-2008-0583] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454.
[CVE-2008-0582] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler.
[CVE-2008-0533] Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
[CVE-2008-0532] Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
[CVE-2008-0454] Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
[CVE-2008-0392] Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.
[CVE-2008-0296] Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
[CVE-2008-0250] Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
[CVE-2008-0237] The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.
[CVE-2008-0236] An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
[CVE-2008-0235] The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.
[CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
[CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
[CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
[CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
[CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
[CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
[CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
[CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
[CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
[CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
[CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
[CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
[CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
[CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
[CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
[CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
[CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
[CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
[CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
[CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
[CVE-2008-0082] An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
[CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
[CVE-2008-0078] Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
[CVE-2008-0077] Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
[CVE-2008-0076] Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2008-0075] Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
[CVE-2008-0074] Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
[CVE-2008-0064] Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
[CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
[CVE-2007-6724] Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration.
[CVE-2007-6723] TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
[CVE-2007-6722] Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
[CVE-2007-6705] The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
[CVE-2007-6701] Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954.
[CVE-2007-6571] Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
[CVE-2007-6534] Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
[CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
[CVE-2007-6507] SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
[CVE-2007-6471] Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
[CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
[CVE-2007-6405] Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
[CVE-2007-6404] Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.
[CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
[CVE-2007-6349] P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
[CVE-2007-6334] Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
[CVE-2007-6331] Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
[CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
[CVE-2007-6326] Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
[CVE-2007-6255] Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
[CVE-2007-6238] Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
[CVE-2007-6227] QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
[CVE-2007-6166] Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
[CVE-2007-6146] Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
[CVE-2007-6081] AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.
[CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
[CVE-2007-6017] The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
[CVE-2007-6016] Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
[CVE-2007-5957] Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
[CVE-2007-5861] Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
[CVE-2007-5667] NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
[CVE-2007-5653] The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
[CVE-2007-5636] Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging."
[CVE-2007-5618] Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.
[CVE-2007-5580] Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
[CVE-2007-5493] The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
[CVE-2007-5473] StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
[CVE-2007-5470] Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
[CVE-2007-5456] Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.
[CVE-2007-5355] The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
[CVE-2007-5347] Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
[CVE-2007-5344] Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
[CVE-2007-5322] Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
[CVE-2007-5302] Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-5277] Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
[CVE-2007-5250] The Windows dedicated server for the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters. NOTE: this issue may overlap CVE-2007-4443. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
[CVE-2007-5236] Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
[CVE-2007-5169] Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and 7.0.2 on Windows allows user-assisted remote attackers to execute arbitrary code via a long font name in a .PMD file.
[CVE-2007-5158] The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
[CVE-2007-5144] Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file.
[CVE-2007-5143] F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.
[CVE-2007-5128] SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.
[CVE-2007-5126] Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
[CVE-2007-5090] Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
[CVE-2007-5080] Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
[CVE-2007-5066] Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
[CVE-2007-5023] Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
[CVE-2007-5020] Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
[CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
[CVE-2007-4972] RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions.
[CVE-2007-4971] ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime.
[CVE-2007-4970] ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.
[CVE-2007-4969] Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.
[CVE-2007-4967] Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread.
[CVE-2007-4931] HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.
[CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
[CVE-2007-4892] Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
[CVE-2007-4891] A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
[CVE-2007-4890] Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
[CVE-2007-4848] Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
[CVE-2007-4841] Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
[CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
[CVE-2007-4790] Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library
[CVE-2007-4776] Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
[CVE-2007-4698] Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
[CVE-2007-4692] The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
[CVE-2007-4673] Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
[CVE-2007-4671] Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.
[CVE-2007-4599] Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
[CVE-2007-4578] Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
[CVE-2007-4516] The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
[CVE-2007-4512] Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.
[CVE-2007-4490] Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
[CVE-2007-4478] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 and 7 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.
[CVE-2007-4451] The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
[CVE-2007-4443] The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors.
[CVE-2007-4431] Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
[CVE-2007-4424] Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
[CVE-2007-4415] Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
[CVE-2007-4372] Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
[CVE-2007-4356] Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.
[CVE-2007-4348] Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.
[CVE-2007-4347] Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
[CVE-2007-4346] The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
[CVE-2007-4336] Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
[CVE-2007-4315] The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill".
[CVE-2007-4254] Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
[CVE-2007-4223] Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
[CVE-2007-4221] Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests
[CVE-2007-4220] Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.
[CVE-2007-4219] Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.
[CVE-2007-4218] Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll
[CVE-2007-4050] Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta Victoria edition allows remote attackers to access system-level windows via unspecified vectors.
[CVE-2007-4040] Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
[CVE-2007-4036] ** DISPUTED ** Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected
[CVE-2007-4025] Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
[CVE-2007-4006] Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
[CVE-2007-4005] Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
[CVE-2007-3956] TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.
[CVE-2007-3954] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
[CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
[CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
[CVE-2007-3903] Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
[CVE-2007-3902] Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
[CVE-2007-3901] Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
[CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
[CVE-2007-3895] Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
[CVE-2007-3893] Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
[CVE-2007-3892] Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
[CVE-2007-3891] Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
[CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
[CVE-2007-3872] Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
[CVE-2007-3846] Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
[CVE-2007-3815] Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment.
[CVE-2007-3793] SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
[CVE-2007-3760] Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
[CVE-2007-3758] Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
[CVE-2007-3756] Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
[CVE-2007-3743] Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title.
[CVE-2007-3718] Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
[CVE-2007-3678] Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name.
[CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
[CVE-2007-3658] Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library.
[CVE-2007-3625] The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
[CVE-2007-3615] Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
[CVE-2007-3576] ** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
[CVE-2007-3550] ** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". NOTE: this issue has been disputed by a third party, who states that the zone settings cannot be manipulated.
[CVE-2007-3546] Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3514] Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
[CVE-2007-3509] Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
[CVE-2007-3504] Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
[CVE-2007-3497] Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.
[CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
[CVE-2007-3482] Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
[CVE-2007-3481] ** DISPUTED ** Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. NOTE: this issue has been disputed by other researchers, citing a variable scoping issue and information about the semantics of document.domain.
[CVE-2007-3445] Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
[CVE-2007-3437] AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
[CVE-2007-3376] Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
[CVE-2007-3362] ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter.
[CVE-2007-3351] The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.
[CVE-2007-3350] AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.
[CVE-2007-3341] Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.
[CVE-2007-3334] Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
[CVE-2007-3285] Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
[CVE-2007-3284] corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
[CVE-2007-3282] Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.
[CVE-2007-3274] Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.
[CVE-2007-3201] Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
[CVE-2007-3187] Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
[CVE-2007-3186] Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
[CVE-2007-3185] Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
[CVE-2007-3180] Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.
[CVE-2007-3164] Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
[CVE-2007-3153] The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
[CVE-2007-3111] Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
[CVE-2007-3109] The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
[CVE-2007-3092] Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.
[CVE-2007-3091] Race condition in Microsoft Internet Explorer 6 SP1
[CVE-2007-3075] Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.
[CVE-2007-3072] Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
[CVE-2007-3062] Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3043] Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2007-3041] Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."
[CVE-2007-3033] Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
[CVE-2007-3032] Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.
[CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
[CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
[CVE-2007-3027] Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
[CVE-2007-2954] Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.
[CVE-2007-2931] Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
[CVE-2007-2927] Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.
[CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
[CVE-2007-2897] Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic)
[CVE-2007-2896] Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
[CVE-2007-2885] The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
[CVE-2007-2884] Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
[CVE-2007-2883] Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
[CVE-2007-2809] Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
[CVE-2007-2718] Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.
[CVE-2007-2528] Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.
[CVE-2007-2441] Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
[CVE-2007-2440] Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
[CVE-2007-2439] Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.
[CVE-2007-2407] The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
[CVE-2007-2400] Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
[CVE-2007-2398] Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
[CVE-2007-2391] Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
[CVE-2007-2389] Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
[CVE-2007-2388] Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
[CVE-2007-2380] The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
[CVE-2007-2344] The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.
[CVE-2007-2291] CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
[CVE-2007-2279] The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
[CVE-2007-2269] Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
[CVE-2007-2268] Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
[CVE-2007-2238] Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.
[CVE-2007-2223] Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
[CVE-2007-2222] Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
[CVE-2007-2161] Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
[CVE-2007-2137] Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
[CVE-2007-2110] Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5 and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).
[CVE-2007-2108] Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.
[CVE-2007-2080] Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.
[CVE-2007-2079] The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products
[CVE-2007-1981] The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
[CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
[CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
[CVE-2007-1876] VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."
[CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
[CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
[CVE-2007-1751] Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2007-1750] Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
[CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
[CVE-2007-1593] The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.
[CVE-2007-1580] FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". NOTE: this has been reported as a buffer overflow by some sources, but there is not a long argument.
[CVE-2007-1538] ** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE does not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product.
[CVE-2007-1405] Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
[CVE-2007-1382] The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
[CVE-2007-1281] Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
[CVE-2007-1278] Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.
[CVE-2007-1262] Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
[CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
[CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
[CVE-2007-1221] The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
[CVE-2007-1220] The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
[CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
[CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
[CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
[CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
[CVE-2007-1196] Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
[CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
[CVE-2007-1114] The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
[CVE-2007-1094] Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
[CVE-2007-1091] Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
[CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
[CVE-2007-1070] Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
[CVE-2007-1069] The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).
[CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
[CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
[CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
[CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
[CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
[CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
[CVE-2007-0933] Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
[CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
[CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
[CVE-2007-0842] The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
[CVE-2007-0780] browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
[CVE-2007-0711] Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
[CVE-2007-0685] Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
[CVE-2007-0678] SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.
[CVE-2007-0674] Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.
[CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
[CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
[CVE-2007-0468] Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
[CVE-2007-0466] Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
[CVE-2007-0454] Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
[CVE-2007-0427] Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.
[CVE-2007-0352] Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
[CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
[CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
[CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
[CVE-2007-0219] Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
[CVE-2007-0218] Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
[CVE-2007-0217] The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
[CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
[CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
[CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
[CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
[CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
[CVE-2007-0125] Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
[CVE-2007-0111] Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.
[CVE-2007-0108] nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
[CVE-2007-0105] Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
[CVE-2007-0099] Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
[CVE-2007-0087] ** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
[CVE-2007-0060] Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
[CVE-2007-0047] CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
[CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
[CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
[CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
[CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
[CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
[CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
[CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
[CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
[CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
[CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
[CVE-2006-7065] Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
[CVE-2006-7031] Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
[CVE-2006-7030] Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
[CVE-2006-7029] Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
[CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
[CVE-2006-6971] Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
[CVE-2006-6956] Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
[CVE-2006-6908] Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
[CVE-2006-6898] Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.
[CVE-2006-6897] Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter.
[CVE-2006-6853] Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
[CVE-2006-6714] Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests.
[CVE-2006-6713] Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
[CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
[CVE-2006-6578] Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.
[CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
[CVE-2006-6500] Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.
[CVE-2006-6458] The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
[CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
[CVE-2006-6443] Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.
[CVE-2006-6427] The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.
[CVE-2006-6334] Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
[CVE-2006-6311] Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.
[CVE-2006-6310] Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown
[CVE-2006-6308] ** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and opening "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability.
[CVE-2006-6307] srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.
[CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
[CVE-2006-6120] Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
[CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
[CVE-2006-5988] Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown
[CVE-2006-5961] Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown
[CVE-2006-5913] Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
[CVE-2006-5884] Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
[CVE-2006-5858] Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
[CVE-2006-5850] Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
[CVE-2006-5805] Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
[CVE-2006-5581] Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
[CVE-2006-5579] Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
[CVE-2006-5578] Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
[CVE-2006-5577] Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
[CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
[CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
[CVE-2006-5544] Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
[CVE-2006-5395] Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown
[CVE-2006-5330] CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
[CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
[CVE-2006-5266] Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.
[CVE-2006-5265] Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.
[CVE-2006-5162] wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
[CVE-2006-5152] Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
[CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
[CVE-2006-4981] Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
[CVE-2006-4899] The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
[CVE-2006-4888] Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
[CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
[CVE-2006-4777] Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
[CVE-2006-4732] Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
[CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
[CVE-2006-4697] Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
[CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
[CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
[CVE-2006-4687] Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
[CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
[CVE-2006-4627] System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
[CVE-2006-4614] PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.
[CVE-2006-4613] Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018.
[CVE-2006-4560] Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
[CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
[CVE-2006-4513] Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
[CVE-2006-4494] Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
[CVE-2006-4492] Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
[CVE-2006-4465] ** DISPUTED ** Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code.
[CVE-2006-4446] Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
[CVE-2006-4444] Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality
[CVE-2006-4359] Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.
[CVE-2006-4332] Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.
[CVE-2006-4315] Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
[CVE-2006-4309] VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.
[CVE-2006-4301] Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
[CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
[CVE-2006-4273] Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
[CVE-2006-4258] Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter.
[CVE-2006-4193] Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
[CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
[CVE-2006-4128] Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
[CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
[CVE-2006-4098] Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
[CVE-2006-4097] Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
[CVE-2006-4046] Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
[CVE-2006-3945] The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.
[CVE-2006-3910] Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
[CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
[CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
[CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
[CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
[CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
[CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
[CVE-2006-3854] Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853.
[CVE-2006-3853] Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
[CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
[CVE-2006-3779] Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
[CVE-2006-3729] DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of an OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.
[CVE-2006-3697] Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function
[CVE-2006-3675] Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.
[CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3659] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
[CVE-2006-3658] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.
[CVE-2006-3657] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
[CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3654] Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
[CVE-2006-3653] wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
[CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
[CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
[CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
[CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
[CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
[CVE-2006-3640] Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
[CVE-2006-3639] Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
[CVE-2006-3638] Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
[CVE-2006-3637] Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
[CVE-2006-3605] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.
[CVE-2006-3601] ** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.
[CVE-2006-3591] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
[CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
[CVE-2006-3545] ** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3.
[CVE-2006-3513] danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
[CVE-2006-3512] Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.
[CVE-2006-3511] Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.
[CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
[CVE-2006-3488] Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.
[CVE-2006-3472] Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown.
[CVE-2006-3451] Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
[CVE-2006-3450] Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
[CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
[CVE-2006-3438] Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
[CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
[CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
[CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
[CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
[CVE-2006-3427] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.
[CVE-2006-3357] Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
[CVE-2006-3354] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
[CVE-2006-3351] Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
[CVE-2006-3290] HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.
[CVE-2006-3289] Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
[CVE-2006-3288] Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors.
[CVE-2006-3287] Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
[CVE-2006-3286] The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).
[CVE-2006-3285] The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).
[CVE-2006-3281] Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
[CVE-2006-3280] Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
[CVE-2006-3274] Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
[CVE-2006-3268] Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
[CVE-2006-3250] Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.
[CVE-2006-3226] Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
[CVE-2006-3146] The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.
[CVE-2006-3086] Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
[CVE-2006-3074] klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
[CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
[CVE-2006-3014] Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
[CVE-2006-2919] Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.
[CVE-2006-2856] ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown.
[CVE-2006-2838] Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
[CVE-2006-2719] JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
[CVE-2006-2718] JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
[CVE-2006-2679] Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
[CVE-2006-2612] Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
[CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
[CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
[CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
[CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
[CVE-2006-2385] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
[CVE-2006-2384] Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
[CVE-2006-2383] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
[CVE-2006-2382] Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
[CVE-2006-2312] Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
[CVE-2006-2311] Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
[CVE-2006-2310] BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.
[CVE-2006-2297] Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.
[CVE-2006-2273] The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.
[CVE-2006-2197] Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document.
[CVE-2006-2155] EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.
[CVE-2006-2154] EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
[CVE-2006-2111] A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
[CVE-2006-2092] Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.
[CVE-2006-2058] Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-2057] Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-1992] mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.
[CVE-2006-1953] Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.
[CVE-2006-1952] Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.
[CVE-2006-1942] Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
[CVE-2006-1934] Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
[CVE-2006-1774] HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL.
[CVE-2006-1725] Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.
[CVE-2006-1626] Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
[CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
[CVE-2006-1511] Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
[CVE-2006-1483] Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL.
[CVE-2006-1467] Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
[CVE-2006-1394] Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
[CVE-2006-1388] Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
[CVE-2006-1378] PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.
[CVE-2006-1364] Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
[CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
[CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
[CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
[CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
[CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
[CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
[CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
[CVE-2006-1303] Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
[CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
[CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
[CVE-2006-1298] Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec.
[CVE-2006-1297] Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allows attackers to cause a denial of service (application crash or unavailability) due to "memory errors."
[CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
[CVE-2006-1245] Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
[CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
[CVE-2006-1192] Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
[CVE-2006-1191] Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.
[CVE-2006-1190] Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
[CVE-2006-1189] Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."
[CVE-2006-1188] Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
[CVE-2006-1186] Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
[CVE-2006-1185] Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
[CVE-2006-1166] Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.
[CVE-2006-1161] Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
[CVE-2006-1043] Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).
[CVE-2006-1023] Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
[CVE-2006-1016] Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
[CVE-2006-1009] M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access.
[CVE-2006-0994] Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.
[CVE-2006-0991] Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
[CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
[CVE-2006-0858] Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.
[CVE-2006-0818] Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
[CVE-2006-0817] Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.
[CVE-2006-0816] Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
[CVE-2006-0814] response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
[CVE-2006-0799] Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.
[CVE-2006-0773] Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.
[CVE-2006-0772] SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.
[CVE-2006-0766] ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.
[CVE-2006-0765] GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
[CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
[CVE-2006-0705] Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
[CVE-2006-0656] Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
[CVE-2006-0611] Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
[CVE-2006-0585] jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.
[CVE-2006-0564] Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
[CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
[CVE-2006-0488] The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.
[CVE-2006-0376] The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.
[CVE-2006-0368] Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.
[CVE-2006-0363] The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
[CVE-2006-0338] Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.
[CVE-2006-0337] Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.
[CVE-2006-0255] Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.
[CVE-2006-0229] Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.
[CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
[CVE-2006-0166] Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.
[CVE-2006-0106] gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase.
[CVE-2006-0105] PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.
[CVE-2006-0097] Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
[CVE-2006-0057] Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
[CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
[CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
[CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
[CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
[CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
[CVE-2006-0027] Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
[CVE-2006-0026] Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
[CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
[CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
[CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
[CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
[CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
[CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
[CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
[CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
[CVE-2005-4827] Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
[CVE-2005-4812] The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan.
[CVE-2005-4810] Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).
[CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
[CVE-2005-4697] The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.
[CVE-2005-4696] The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.
[CVE-2005-4679] Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
[CVE-2005-4579] Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.
[CVE-2005-4578] Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.
[CVE-2005-4577] Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
[CVE-2005-4505] Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
[CVE-2005-4417] The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
[CVE-2005-4210] Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title.
[CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
[CVE-2005-4089] Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
[CVE-2005-3983] Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.
[CVE-2005-3889] Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
[CVE-2005-3886] Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
[CVE-2005-3663] Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
[CVE-2005-3643] IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
[CVE-2005-3642] IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username.
[CVE-2005-3641] Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
[CVE-2005-3591] Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
[CVE-2005-3568] db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
[CVE-2005-3483] Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.
[CVE-2005-3468] Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
[CVE-2005-3421] estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
[CVE-2005-3312] The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
[CVE-2005-3284] Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives.
[CVE-2005-3267] Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.
[CVE-2005-3265] Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.
[CVE-2005-3240] Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
[CVE-2005-3182] Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issue is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
[CVE-2005-3156] Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.
[CVE-2005-3077] Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
[CVE-2005-3059] Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."
[CVE-2005-3041] Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
[CVE-2005-3030] Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive.
[CVE-2005-3029] Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
[CVE-2005-2986] The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges.
[CVE-2005-2957] Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
[CVE-2005-2939] Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
[CVE-2005-2938] Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
[CVE-2005-2936] Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
[CVE-2005-2858] The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method.
[CVE-2005-2831] Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
[CVE-2005-2830] Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
[CVE-2005-2829] Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
[CVE-2005-2827] The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
[CVE-2005-2804] Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.
[CVE-2005-2771] WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied.
[CVE-2005-2770] WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login.
[CVE-2005-2765] The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
[CVE-2005-2726] Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR.
[CVE-2005-2707] Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
[CVE-2005-2678] Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
[CVE-2005-2611] VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
[CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
[CVE-2005-2572] MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
[CVE-2005-2551] Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
[CVE-2005-2502] Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
[CVE-2005-2429] Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.
[CVE-2005-2371] Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
[CVE-2005-2308] The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
[CVE-2005-2304] Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.
[CVE-2005-2274] Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
[CVE-2005-2226] Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
[CVE-2005-2225] Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
[CVE-2005-2224] aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
[CVE-2005-2150] Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
[CVE-2005-2146] SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
[CVE-2005-2143] Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
[CVE-2005-2127] Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
[CVE-2005-2126] The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
[CVE-2005-2124] Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability."
[CVE-2005-2123] Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
[CVE-2005-2119] The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
[CVE-2005-2089] Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
[CVE-2005-2087] Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
[CVE-2005-2080] Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.
[CVE-2005-2079] Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.
[CVE-2005-1970] Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
[CVE-2005-1935] Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
[CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
[CVE-2005-1928] Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.
[CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
[CVE-2005-1905] The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs.
[CVE-2005-1829] Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other.
[CVE-2005-1794] Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
[CVE-2005-1792] Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.
[CVE-2005-1791] Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
[CVE-2005-1790] Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
[CVE-2005-1766] Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
[CVE-2005-1719] Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses.
[CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
[CVE-2005-1665] The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
[CVE-2005-1664] The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
[CVE-2005-1649] The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
[CVE-2005-1590] The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
[CVE-2005-1576] The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
[CVE-2005-1575] The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
[CVE-2005-1574] Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
[CVE-2005-1407] Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
[CVE-2005-1346] Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
[CVE-2005-1286] Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
[CVE-2005-1272] Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
[CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
[CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
[CVE-2005-1214] Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
[CVE-2005-1213] Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
[CVE-2005-1212] Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
[CVE-2005-1211] Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.
[CVE-2005-1191] The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
[CVE-2005-1185] Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe.
[CVE-2005-1182] Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.
[CVE-2005-1150] Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
[CVE-2005-1106] PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.
[CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
[CVE-2005-1045] OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
[CVE-2005-0954] Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.
[CVE-2005-0944] Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
[CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
[CVE-2005-0904] Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
[CVE-2005-0871] calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
[CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
[CVE-2005-0803] The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
[CVE-2005-0773] Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
[CVE-2005-0772] VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.
[CVE-2005-0771] VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
[CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
[CVE-2005-0688] Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
[CVE-2005-0573] Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.
[CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
[CVE-2005-0563] Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("javAsc

[CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
[CVE-2005-0555] Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
[CVE-2005-0554] Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
[CVE-2005-0553] Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
[CVE-2005-0500] Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
[CVE-2005-0452] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
[CVE-2005-0425] Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.
[CVE-2005-0420] Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
[CVE-2005-0416] The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
[CVE-2005-0360] The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
[CVE-2005-0324] Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.
[CVE-2005-0230] Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
[CVE-2005-0148] Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
[CVE-2005-0110] Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
[CVE-2005-0083] MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
[CVE-2005-0057] The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
[CVE-2005-0051] The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
[CVE-2005-0050] The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."
[CVE-2005-0049] Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
[CVE-2005-0047] Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
[CVE-2005-0045] The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
[CVE-2005-0044] The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
[CVE-2004-2694] Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
[CVE-2004-2657] ** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
[CVE-2004-2643] Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
[CVE-2004-2635] An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
[CVE-2004-2628] Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
[CVE-2004-2609] The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
[CVE-2004-2594] Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
[CVE-2004-2565] Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
[CVE-2004-2564] Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
[CVE-2004-2555] Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
[CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
[CVE-2004-2476] Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
[CVE-2004-2442] Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.
[CVE-2004-2434] Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
[CVE-2004-2383] Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario.
[CVE-2004-2382] The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".
[CVE-2004-2379] Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
[CVE-2004-2378] @Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.
[CVE-2004-2296] The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
[CVE-2004-2276] F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
[CVE-2004-2220] F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
[CVE-2004-2219] Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
[CVE-2004-2179] asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
[CVE-2004-2147] Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
[CVE-2004-2091] Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
[CVE-2004-2090] Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
[CVE-2004-2070] The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
[CVE-2004-2022] ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
[CVE-2004-2005] Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
[CVE-2004-1944] Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.
[CVE-2004-1922] Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file that has a large memory size.
[CVE-2004-1777] A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
[CVE-2004-1686] Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
[CVE-2004-1649] Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
[CVE-2004-1623] The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
[CVE-2004-1560] Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
[CVE-2004-1527] Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
[CVE-2004-1481] Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
[CVE-2004-1380] Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
[CVE-2004-1376] Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
[CVE-2004-1361] Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
[CVE-2004-1331] The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
[CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
[CVE-2004-1317] Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
[CVE-2004-1312] A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
[CVE-2004-1306] Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
[CVE-2004-1305] The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
[CVE-2004-1244] Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
[CVE-2004-1198] Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
[CVE-2004-1166] CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
[CVE-2004-1155] Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
[CVE-2004-1134] Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
[CVE-2004-1133] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
[CVE-2004-1122] Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
[CVE-2004-1104] Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
[CVE-2004-1099] Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
[CVE-2004-1043] Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
[CVE-2004-1038] A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
[CVE-2004-1023] Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
[CVE-2004-0988] Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
[CVE-2004-0985] Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
[CVE-2004-0979] Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
[CVE-2004-0964] Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
[CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
[CVE-2004-0937] Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
[CVE-2004-0928] The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in "
[CVE-2004-0894] LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
[CVE-2004-0893] The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
[CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
[CVE-2004-0848] Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
[CVE-2004-0847] The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
[CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
[CVE-2004-0839] Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
[CVE-2004-0830] The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet.
[CVE-2004-0829] smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
[CVE-2004-0775] Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests.
[CVE-2004-0774] RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
[CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
[CVE-2004-0723] Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."
[CVE-2004-0719] Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0717] Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
[CVE-2004-0712] The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
[CVE-2004-0610] The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.
[CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
[CVE-2004-0572] Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
[CVE-2004-0568] HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
[CVE-2004-0567] The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
[CVE-2004-0566] Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
[CVE-2004-0552] Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
[CVE-2004-0484] mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
[CVE-2004-0475] The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
[CVE-2004-0473] Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
[CVE-2004-0420] The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
[CVE-2004-0380] The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
[CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
[CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
[CVE-2004-0281] Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
[CVE-2004-0215] Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
[CVE-2004-0213] Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
[CVE-2004-0212] Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
[CVE-2004-0205] Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
[CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
[CVE-2004-0200] Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
[CVE-2004-0197] Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
[CVE-2004-0123] Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
[CVE-2004-0122] Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
[CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
[CVE-2004-0119] The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
[CVE-2004-0118] The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
[CVE-2004-0117] Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
[CVE-2004-0115] VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
[CVE-2004-0090] Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
[CVE-2004-0069] Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.
[CVE-2003-1590] Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
[CVE-2003-1589] Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
[CVE-2003-1582] Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1579] Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
[CVE-2003-1569] GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
[CVE-2003-1567] The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
[CVE-2003-1566] Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.
[CVE-2003-1559] Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
[CVE-2003-1544] Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
[CVE-2003-1524] PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
[CVE-2003-1505] Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
[CVE-2003-1484] Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
[CVE-2003-1482] The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
[CVE-2003-1448] Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
[CVE-2003-1407] Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
[CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
[CVE-2003-1357] ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
[CVE-2003-1328] The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
[CVE-2003-1326] Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
[CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
[CVE-2003-1305] Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
[CVE-2003-1233] Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
[CVE-2003-1227] PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
[CVE-2003-1142] Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
[CVE-2003-1127] Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
[CVE-2003-1126] Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
[CVE-2003-1027] Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
[CVE-2003-0995] Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
[CVE-2003-0910] The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory.
[CVE-2003-0909] Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
[CVE-2003-0905] Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
[CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
[CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
[CVE-2003-0897] "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.
[CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
[CVE-2003-0837] Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
[CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
[CVE-2003-0823] Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
[CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
[CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
[CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
[CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
[CVE-2003-0813] A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
[CVE-2003-0812] Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
[CVE-2003-0768] Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
[CVE-2003-0767] Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.
[CVE-2003-0717] The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
[CVE-2003-0712] Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
[CVE-2003-0711] Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
[CVE-2003-0666] Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
[CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
[CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
[CVE-2003-0663] Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
[CVE-2003-0661] The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
[CVE-2003-0659] Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
[CVE-2003-0642] WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory.
[CVE-2003-0641] WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
[CVE-2003-0605] The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
[CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
[CVE-2003-0525] The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
[CVE-2003-0519] Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
[CVE-2003-0513] Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
[CVE-2003-0507] Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
[CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
[CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
[CVE-2003-0503] Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
[CVE-2003-0469] Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
[CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
[CVE-2003-0446] Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
[CVE-2003-0414] The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
[CVE-2003-0413] Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
[CVE-2003-0412] Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.
[CVE-2003-0411] Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
[CVE-2003-0389] Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
[CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
[CVE-2003-0350] The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
[CVE-2003-0347] Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
[CVE-2003-0344] Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
[CVE-2003-0306] Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
[CVE-2003-0268] SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
[CVE-2003-0267] ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
[CVE-2003-0266] Multiple buffer overflows in SLWebMail 3 on Windows systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
[CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
[CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
[CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
[CVE-2003-0226] Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
[CVE-2003-0225] The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
[CVE-2003-0224] Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
[CVE-2003-0223] Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
[CVE-2003-0172] Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.
[CVE-2003-0168] Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
[CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
[CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
[CVE-2003-0116] Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
[CVE-2003-0115] Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
[CVE-2003-0114] The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
[CVE-2003-0113] Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
[CVE-2003-0112] Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
[CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
[CVE-2003-0045] Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
[CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
[CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
[CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
[CVE-2003-0010] Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
[CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
[CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
[CVE-2002-2435] The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
[CVE-2002-2413] WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
[CVE-2002-2401] NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
[CVE-2002-2395] InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.
[CVE-2002-2394] InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
[CVE-2002-2380] NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
[CVE-2002-2328] Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
[CVE-2002-2324] The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
[CVE-2002-2313] Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer.
[CVE-2002-2311] Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
[CVE-2002-2275] Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe.
[CVE-2002-2248] Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
[CVE-2002-2224] Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
[CVE-2002-2169] Cross-site scripting vulnerability in AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
[CVE-2002-2164] Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
[CVE-2002-2132] Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
[CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
[CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
[CVE-2002-2083] The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
[CVE-2002-2081] cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
[CVE-2002-2077] The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
[CVE-2002-2070] SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
[CVE-2002-2069] PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
[CVE-2002-2068] Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
[CVE-2002-2067] East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
[CVE-2002-2066] BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
[CVE-2002-2062] Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
[CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
[CVE-2002-2028] The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
[CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
[CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
[CVE-2002-1973] Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
[CVE-2002-1940] LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
[CVE-2002-1923] The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
[CVE-2002-1921] The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.
[CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
[CVE-2002-1908] Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
[CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
[CVE-2002-1875] Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity.
[CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
[CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
[CVE-2002-1869] Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
[CVE-2002-1861] Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1860] Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1859] Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1858] Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1857] jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1856] HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1855] Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
[CVE-2002-1848] TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
[CVE-2002-1839] Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
[CVE-2002-1833] The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
[CVE-2002-1831] Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
[CVE-2002-1824] Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
[CVE-2002-1817] Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.
[CVE-2002-1809] The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
[CVE-2002-1795] Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
[CVE-2002-1790] The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
[CVE-2002-1780] BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
[CVE-2002-1779] The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
[CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
[CVE-2002-1770] Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer.
[CVE-2002-1769] Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
[CVE-2002-1762] Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java.
[CVE-2002-1749] Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
[CVE-2002-1745] Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
[CVE-2002-1744] Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
[CVE-2002-1718] Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
[CVE-2002-1717] Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf.
[CVE-2002-1716] The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.
[CVE-2002-1714] Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
[CVE-2002-1705] Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
[CVE-2002-1698] Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
[CVE-2002-1696] Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
[CVE-2002-1694] Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
[CVE-2002-1688] The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
[CVE-2002-1684] Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents.
[CVE-2002-1671] Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
[CVE-2002-1588] Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.
[CVE-2002-1561] The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
[CVE-2002-1325] Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
[CVE-2002-1295] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
[CVE-2002-1294] The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.
[CVE-2002-1293] The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
[CVE-2002-1292] The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
[CVE-2002-1291] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.
[CVE-2002-1290] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
[CVE-2002-1289] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
[CVE-2002-1288] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call.
[CVE-2002-1287] Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
[CVE-2002-1286] The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.
[CVE-2002-1260] The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
[CVE-2002-1258] Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
[CVE-2002-1257] Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
[CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
[CVE-2002-1230] NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
[CVE-2002-1181] Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
[CVE-2002-1179] Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
[CVE-2002-1150] The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document.
[CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
[CVE-2002-1143] Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
[CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
[CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
[CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
[CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
[CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
[CVE-2002-1095] Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
[CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
[CVE-2002-1052] Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
[CVE-2002-1042] Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
[CVE-2002-1029] Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
[CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
[CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
[CVE-2002-0978] Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
[CVE-2002-0977] Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value.
[CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
[CVE-2002-0974] Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
[CVE-2002-0969] Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
[CVE-2002-0965] Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
[CVE-2002-0869] Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
[CVE-2002-0867] Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
[CVE-2002-0866] Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
[CVE-2002-0865] A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."
[CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
[CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
[CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
[CVE-2002-0833] Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.
[CVE-2002-0795] The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
[CVE-2002-0788] An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
[CVE-2002-0736] Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
[CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
[CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
[CVE-2002-0726] Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
[CVE-2002-0725] NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
[CVE-2002-0723] Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
[CVE-2002-0722] Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
[CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
[CVE-2002-0720] A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
[CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
[CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
[CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
[CVE-2002-0698] Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
[CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
[CVE-2002-0696] Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
[CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
[CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
[CVE-2002-0691] Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.
[CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
[CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
[CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
[CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
[CVE-2002-0648] The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
[CVE-2002-0647] Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
[CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
[CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
[CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
[CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
[CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
[CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
[CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
[CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
[CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
[CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
[CVE-2002-0576] ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
[CVE-2002-0507] An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
[CVE-2002-0481] An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
[CVE-2002-0421] IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr.
[CVE-2002-0419] Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector
[CVE-2002-0409] orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
[CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
[CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
[CVE-2002-0367] smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
[CVE-2002-0366] Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
[CVE-2002-0340] Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.
[CVE-2002-0314] fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message.
[CVE-2002-0285] Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
[CVE-2002-0283] Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.
[CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
[CVE-2002-0228] Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
[CVE-2002-0208] PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.
[CVE-2002-0201] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
[CVE-2002-0200] Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
[CVE-2002-0193] Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
[CVE-2002-0191] Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
[CVE-2002-0190] Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
[CVE-2002-0188] Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
[CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
[CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
[CVE-2002-0160] The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
[CVE-2002-0159] Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
[CVE-2002-0155] Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
[CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
[CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
[CVE-2002-0147] Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
[CVE-2002-0142] CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.
[CVE-2002-0101] Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
[CVE-2002-0078] The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
[CVE-2002-0077] Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
[CVE-2002-0076] Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
[CVE-2002-0070] Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
[CVE-2002-0065] Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.
[CVE-2002-0058] Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
[CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
[CVE-2002-0053] Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
[CVE-2002-0051] Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
[CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
[CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
[CVE-2002-0021] Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
[CVE-2002-0020] Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
[CVE-2001-1573] Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT allows remote attackers to execute arbitrary code via a certain configuration parameter.
[CVE-2001-1571] The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
[CVE-2001-1570] Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
[CVE-2001-1560] Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
[CVE-2001-1552] ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
[CVE-2001-1549] Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
[CVE-2001-1548] ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
[CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
[CVE-2001-1519] ** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it.
[CVE-2001-1518] RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
[CVE-2001-1517] ** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
[CVE-2001-1515] Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
[CVE-2001-1514] ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
[CVE-2001-1497] Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
[CVE-2001-1489] Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
[CVE-2001-1462] WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
[CVE-2001-1461] Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
[CVE-2001-1452] By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
[CVE-2001-1450] Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
[CVE-2001-1410] Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
[CVE-2001-1347] Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
[CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
[CVE-2001-1326] Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
[CVE-2001-1325] Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
[CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
[CVE-2001-1302] The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
[CVE-2001-1288] Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
[CVE-2001-1243] Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
[CVE-2001-1238] Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
[CVE-2001-1219] Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
[CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
[CVE-2001-1192] Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
[CVE-2001-1186] Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
[CVE-2001-1122] Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
[CVE-2001-1116] Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
[CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
[CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
[CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
[CVE-2001-0951] Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
[CVE-2001-0919] Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
[CVE-2001-0902] Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
[CVE-2001-0877] Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
[CVE-2001-0876] Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
[CVE-2001-0860] Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
[CVE-2001-0845] Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
[CVE-2001-0791] Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.
[CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
[CVE-2001-0726] Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
[CVE-2001-0721] Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
[CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
[CVE-2001-0709] Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
[CVE-2001-0687] Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
[CVE-2001-0678] A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code.
[CVE-2001-0675] Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.
[CVE-2001-0669] Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
[CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
[CVE-2001-0663] Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
[CVE-2001-0662] RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
[CVE-2001-0660] Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
[CVE-2001-0659] Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
[CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
[CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
[CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
[CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
[CVE-2001-0543] Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
[CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
[CVE-2001-0540] Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
[CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
[CVE-2001-0513] Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
[CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
[CVE-2001-0503] Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
[CVE-2001-0502] Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
[CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
[CVE-2001-0382] Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
[CVE-2001-0373] The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
[CVE-2001-0365] Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.
[CVE-2001-0364] SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
[CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
[CVE-2001-0341] Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
[CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
[CVE-2001-0337] The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
[CVE-2001-0336] The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
[CVE-2001-0324] Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
[CVE-2001-0281] Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
[CVE-2001-0265] ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
[CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
[CVE-2001-0243] Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
[CVE-2001-0241] Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
[CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
[CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
[CVE-2001-0238] Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
[CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
[CVE-2001-0191] gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
[CVE-2001-0152] The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
[CVE-2001-0149] Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
[CVE-2001-0148] The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
[CVE-2001-0147] Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
[CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
[CVE-2001-0137] Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the "Windows Media Player Skins File Download" vulnerability.
[CVE-2001-0083] Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
[CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
[CVE-2001-0046] The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
[CVE-2001-0045] The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
[CVE-2001-0018] Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
[CVE-2001-0017] Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
[CVE-2001-0015] Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
[CVE-2001-0014] Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
[CVE-2001-0006] The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
[CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
[CVE-2000-1227] Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
[CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
[CVE-2000-1200] Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
[CVE-2000-1149] Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
[CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
[CVE-2000-1111] Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
[CVE-2000-1105] The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
[CVE-2000-1090] Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
[CVE-2000-1089] Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
[CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1084] The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1083] The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1082] The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1081] The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
[CVE-2000-1071] The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.
[CVE-2000-1061] Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
[CVE-2000-1060] The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
[CVE-2000-1059] The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
[CVE-2000-1034] Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
[CVE-2000-1006] Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
[CVE-2000-1003] NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
[CVE-2000-0991] Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.
[CVE-2000-0983] Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
[CVE-2000-0980] NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.
[CVE-2000-0979] File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
[CVE-2000-0933] The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
[CVE-2000-0885] Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
[CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
[CVE-2000-0851] Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
[CVE-2000-0834] The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
[CVE-2000-0830] annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.
[CVE-2000-0817] Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
[CVE-2000-0788] The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
[CVE-2000-0777] The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
[CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
[CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
[CVE-2000-0753] The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
[CVE-2000-0737] The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
[CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
[CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
[CVE-2000-0663] The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
[CVE-2000-0662] Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
[CVE-2000-0654] Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
[CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
[CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
[CVE-2000-0612] Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
[CVE-2000-0603] Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.
[CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
[CVE-2000-0596] Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
[CVE-2000-0581] Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
[CVE-2000-0580] Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
[CVE-2000-0567] Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
[CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
[CVE-2000-0544] Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
[CVE-2000-0524] Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
[CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
[CVE-2000-0487] The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
[CVE-2000-0485] Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
[CVE-2000-0475] Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
[CVE-2000-0420] The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker to recover it and use it to decrypt Encrypted File System (EFS) data.
[CVE-2000-0403] The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
[CVE-2000-0402] The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
[CVE-2000-0400] The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
[CVE-2000-0377] The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
[CVE-2000-0347] Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
[CVE-2000-0330] The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
[CVE-2000-0329] A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
[CVE-2000-0328] Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
[CVE-2000-0327] Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
[CVE-2000-0325] The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
[CVE-2000-0323] The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
[CVE-2000-0311] The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
[CVE-2000-0305] Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
[CVE-2000-0304] Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
[CVE-2000-0302] Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
[CVE-2000-0298] The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
[CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
[CVE-2000-0260] Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
[CVE-2000-0259] The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.
[CVE-2000-0232] Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
[CVE-2000-0222] The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
[CVE-2000-0211] The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
[CVE-2000-0202] Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
[CVE-2000-0201] The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
[CVE-2000-0200] Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
[CVE-2000-0199] When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
[CVE-2000-0197] The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
[CVE-2000-0162] The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
[CVE-2000-0161] Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
[CVE-2000-0160] The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
[CVE-2000-0155] Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
[CVE-2000-0132] Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
[CVE-2000-0121] The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
[CVE-2000-0119] The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
[CVE-2000-0098] Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
[CVE-2000-0097] The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
[CVE-2000-0073] Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
[CVE-2000-0070] NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
[CVE-2000-0053] Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
[CVE-1999-1593] Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
[CVE-1999-1591] Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
[CVE-1999-1584] Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
[CVE-1999-1581] Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
[CVE-1999-1579] The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
[CVE-1999-1556] Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
[CVE-1999-1544] Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
[CVE-1999-1531] Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.
[CVE-1999-1520] A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
[CVE-1999-1476] A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
[CVE-1999-1463] Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session.
[CVE-1999-1455] RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
[CVE-1999-1454] Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
[CVE-1999-1452] GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
[CVE-1999-1430] PIM software for Royal daVinci does not properly password-protect access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
[CVE-1999-1387] Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.
[CVE-1999-1380] Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
[CVE-1999-1368] AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.
[CVE-1999-1365] Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
[CVE-1999-1364] Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
[CVE-1999-1363] Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
[CVE-1999-1362] Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
[CVE-1999-1361] Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
[CVE-1999-1360] Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
[CVE-1999-1359] When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
[CVE-1999-1358] When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
[CVE-1999-1356] Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.
[CVE-1999-1324] VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
[CVE-1999-1317] Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
[CVE-1999-1316] Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
[CVE-1999-1297] cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
[CVE-1999-1294] Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
[CVE-1999-1289] ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
[CVE-1999-1279] An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
[CVE-1999-1259] Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
[CVE-1999-1254] Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.
[CVE-1999-1246] Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
[CVE-1999-1234] LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
[CVE-1999-1222] Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
[CVE-1999-1217] The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
[CVE-1999-1206] SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control.
[CVE-1999-1201] Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
[CVE-1999-1189] Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
[CVE-1999-1164] Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang.
[CVE-1999-1157] Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
[CVE-1999-1133] HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.
[CVE-1999-1132] Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
[CVE-1999-1128] Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
[CVE-1999-1127] Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
[CVE-1999-1110] Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
[CVE-1999-1105] Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
[CVE-1999-1104] Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
[CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
[CVE-1999-1065] Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode.
[CVE-1999-1055] Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
[CVE-1999-1052] Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.
[CVE-1999-1043] Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
[CVE-1999-1033] Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
[CVE-1999-1016] Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
[CVE-1999-1011] The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
[CVE-1999-0999] Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
[CVE-1999-0995] Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
[CVE-1999-0994] Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
[CVE-1999-0993] Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
[CVE-1999-0987] Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
[CVE-1999-0980] Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
[CVE-1999-0975] The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
[CVE-1999-0969] The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
[CVE-1999-0967] Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
[CVE-1999-0945] Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
[CVE-1999-0918] Denial of service in various Windows systems via malformed, fragmented IGMP packets.
[CVE-1999-0910] Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
[CVE-1999-0909] Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
[CVE-1999-0899] The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
[CVE-1999-0898] Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
[CVE-1999-0886] The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
[CVE-1999-0839] Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
[CVE-1999-0824] A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
[CVE-1999-0815] Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
[CVE-1999-0794] Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
[CVE-1999-0766] The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
[CVE-1999-0755] Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
[CVE-1999-0728] A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
[CVE-1999-0726] An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
[CVE-1999-0723] The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
[CVE-1999-0721] Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
[CVE-1999-0718] IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
[CVE-1999-0717] A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
[CVE-1999-0716] Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
[CVE-1999-0701] After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
[CVE-1999-0700] Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
[CVE-1999-0682] Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
[CVE-1999-0680] Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
[CVE-1999-0665] An application-critical Windows NT registry key has an inappropriate value.
[CVE-1999-0664] An application-critical Windows NT registry key has inappropriate permissions.
[CVE-1999-0611] A system-critical Windows NT registry key has an inappropriate value.
[CVE-1999-0603] In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.
[CVE-1999-0597] A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.
[CVE-1999-0596] A Windows NT log file has an inappropriate maximum size or retention period.
[CVE-1999-0595] A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
[CVE-1999-0594] A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
[CVE-1999-0593] The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
[CVE-1999-0592] The Logon box of a Windows NT system displays the name of the last user who logged in.
[CVE-1999-0591] An event log in Windows NT has inappropriate access permissions.
[CVE-1999-0589] A system-critical Windows NT registry key has inappropriate permissions.
[CVE-1999-0585] A Windows NT administrator account has the default name of Administrator.
[CVE-1999-0584] A Windows NT file system is not NTFS.
[CVE-1999-0583] There is a one-way or two-way trust relationship between Windows NT domains.
[CVE-1999-0582] A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
[CVE-1999-0581] The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
[CVE-1999-0580] The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
[CVE-1999-0579] A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
[CVE-1999-0578] A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
[CVE-1999-0577] A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
[CVE-1999-0576] A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
[CVE-1999-0575] A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
[CVE-1999-0572] .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.
[CVE-1999-0570] Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
[CVE-1999-0562] The registry in Windows NT can be accessed remotely by users who are not administrators.
[CVE-1999-0560] A system-critical Windows NT file or directory has inappropriate permissions.
[CVE-1999-0549] Windows NT automatically logs in an administrator upon rebooting.
[CVE-1999-0546] The Windows NT guest account is enabled.
[CVE-1999-0535] A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
[CVE-1999-0534] A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
[CVE-1999-0506] A Windows NT domain user or administrator account has a default, null, blank, or missing password.
[CVE-1999-0505] A Windows NT domain user or administrator account has a guessable password.
[CVE-1999-0504] A Windows NT local user or administrator account has a default, null, blank, or missing password.
[CVE-1999-0503] A Windows NT local user or administrator account has a guessable password.
[CVE-1999-0496] A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
[CVE-1999-0468] Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
[CVE-1999-0444] Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
[CVE-1999-0419] When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service.
[CVE-1999-0404] Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
[CVE-1999-0391] The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
[CVE-1999-0387] A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
[CVE-1999-0382] The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
[CVE-1999-0379] Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
[CVE-1999-0376] Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
[CVE-1999-0369] The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
[CVE-1999-0366] In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
[CVE-1999-0364] Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
[CVE-1999-0357] Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
[CVE-1999-0345] Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
[CVE-1999-0285] Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
[CVE-1999-0280] Remote command execution in Microsoft Internet Explorer using .lnk and .url files.
[CVE-1999-0275] Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.
[CVE-1999-0274] Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.
[CVE-1999-0249] Windows NT RSHSVC program allows remote users to execute arbitrary commands.
[CVE-1999-0241] Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
[CVE-1999-0229] Denial of service in Windows NT IIS server using ..\..
[CVE-1999-0228] Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
[CVE-1999-0227] Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
[CVE-1999-0226] Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
[CVE-1999-0225] Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
[CVE-1999-0224] Denial of service in Windows NT messenger service through a long username.
[CVE-1999-0200] Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
[CVE-1999-0179] Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
[CVE-1999-0158] Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.
[CVE-1999-0153] Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
[CVE-1999-0119] Windows NT 4.0 beta allows users to read and delete shares.
SecurityFocus - https://www.securityfocus.com/bid/:
[90065] Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0174 Local Privilege Escalation Vulnerability
IBM X-Force - https://exchange.xforce.ibmcloud.com:
[86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
[86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
[86096] Microsoft Windows NTVDM privilege escalation 3
[86095] Microsoft Windows NTVDM privilege escalation 2
[86094] Microsoft Windows NTVDM privilege escalation 1
[86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
[86090] Microsoft Windows ICMPv6 denial of service
[86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
[86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
[86074] Microsoft Windows Unicode code execution
[86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
[86072] Microsoft Windows Active Directory Federation Services information disclosure
[86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
[86069] Microsoft Windows Windows NAT Driver denial of service
[85801] Microsoft Windows Movie Maker .wav denial of service
[85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
[85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
[85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
[85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
[85234] Microsoft Windows privilege escalation
[85233] Microsoft Windows denial of service
[85232] Microsoft Windows privilege escalation
[85231] Microsoft Windows TrueType font file code execution
[85230] Microsoft Windows privilege escalation
[85229] Microsoft Windows privilege escalation
[85228] Microsoft Windows privilege escalation
[85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
[85226] Microsoft Windows Media Format Runtime code execution
[85224] Microsoft Windows Defender CVE-2013-3154 privilege escalation
[85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
[85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
[84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
[84620] Microsoft Windows kernel denial of service
[84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
[84618] Microsoft Windows Print Spooler privilege escalation
[84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
[84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
[84614] Microsoft Windows kernel information disclosure
[84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
[84571] Microsoft Windows denial of service
[84546] Microsoft Windows Media Player .wav denial of service
[84391] Microsoft Windows win32k.sys privilege escalation
[84267] Microsoft Windows Update file detected
[84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
[83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
[83911] Microsoft Windows denial of service
[83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
[83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
[83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
[83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
[83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
[83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
[83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
[83875] Microsoft Windows privilege escalation
[83874] Microsoft Windows privilege escalation
[83873] Microsoft Windows privilege escalation
[83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
[83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
[83099] Microsoft Windows denial of service
[83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
[83097] Microsoft Windows privilege escalation
[83096] Microsoft Windows privilege escalation
[83095] Microsoft Windows denial of service
[83094] Microsoft Windows privilege escalation
[83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
[83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
[83090] Microsoft Windows privilege escalation
[83089] Microsoft Windows privilege escalation
[83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
[83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
[83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
[83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
[83081] Microsoft Windows Client/Server Run-time Subsystem privilege escalation
[83063] Microsoft Windows Modern Mail spoofing
[82776] Microsoft Internet Explorer 10 on Windows 8 sandbox security bypass
[82775] Microsoft Windows kernel privilege escalation
[82774] Microsoft Windows ASLR and DEP security bypass
[82772] Microsoft Windows ASLR security bypass
[82769] Microsoft Windows TTF denial of service
[82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
[82599] Microsoft Windows Live Essentials information disclosure
[82523] RSA Authentication Agent for Microsoft Windows Quick Pin security bypass
[82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
[82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
[82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
[82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
[82414] Microsoft Windows USB device privilege escalation
[82413] Microsoft Windows USB device privilege escalation
[82412] Microsoft Windows USB device privilege escalation
[82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
[82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
[82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
[82089] Microsoft Windows ZwSetInformationProcess() denial of service
[81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
[81858] Microsoft Windows OLE code execution
[81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
[81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
[81682] Microsoft Windows .MPG code execution
[81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
[81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
[81679] Microsoft Windows Client/Server Run-time Subsystem memory privilege escalation
[81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
[81677] Microsoft Windows TCP/IP sequence denial of service
[81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
[81675] Microsoft Windows NFS server denial of service
[81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
[81673] Microsoft Windows Vector Markup Language code execution
[81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
[81671] Microsoft Windows kernel privilege escalation
[81670] Microsoft Windows kernel privilege escalation
[81669] Microsoft Windows kernel privilege escalation
[81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
[81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
[81665] Microsoft Windows CVE-2013-1277 privilege escalation
[81664] Microsoft Windows CVE-2013-1276 privilege escalation
[81663] Microsoft Windows CVE-2013-1275 privilege escalation
[81662] Microsoft Windows CVE-2013-1274 privilege escalation
[81661] Microsoft Windows CVE-2013-1273 privilege escalation
[81660] Microsoft Windows CVE-2013-1272 privilege escalation
[81659] Microsoft Windows CVE-2013-1271 privilege escalation
[81658] Microsoft Windows CVE-2013-1270 privilege escalation
[81657] Microsoft Windows CVE-2013-1269 privilege escalation
[81656] Microsoft Windows CVE-2013-1268 privilege escalation
[81655] Microsoft Windows CVE-2013-1267 privilege escalation
[81654] Microsoft Windows CVE-2013-1266 privilege escalation
[81653] Microsoft Windows CVE-2013-1265 privilege escalation
[81652] Microsoft Windows CVE-2013-1264 privilege escalation
[81651] Microsoft Windows CVE-2013-1263 privilege escalation
[81650] Microsoft Windows CVE-2013-1262 privilege escalation
[81649] Microsoft Windows CVE-2013-1261 privilege escalation
[81648] Microsoft Windows CVE-2013-1260 privilege escalation
[81647] Microsoft Windows CVE-2013-1259 privilege escalation
[81646] Microsoft Windows CVE-2013-1258 privilege escalation
[81645] Microsoft Windows CVE-2013-1257 privilege escalation
[81644] Microsoft Windows CVE-2013-1256 privilege escalation
[81643] Microsoft Windows CVE-2013-1255 privilege escalation
[81642] Microsoft Windows CVE-2013-1254 privilege escalation
[81641] Microsoft Windows CVE-2013-1253 privilege escalation
[81640] Microsoft Windows CVE-2013-1252 privilege escalation
[81639] Microsoft Windows CVE-2013-1251 privilege escalation
[81638] Microsoft Windows CVE-2013-1250 privilege escalation
[81637] Microsoft Windows CVE-2013-1249 privilege escalation
[81636] Microsoft Windows CVE-2013-1248 privilege escalation
[81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
[81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
[80918] Microsoft Windows digital certificate spoofing
[80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
[80874] Microsoft Windows XML code execution
[80873] Microsoft Windows XML content code execution
[80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
[80869] Microsoft .NET Framework Windows Forms privilege escalation
[80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
[80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
[80864] Microsoft Windows print spooler code execution
[80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
[80862] Microsoft Windows broadcast privilege escalation
[80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
[80860] Microsoft Windows SSL/TLS security bypass
[80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
[80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
[80359] Microsoft Windows IPHTTPS security bypass
[80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
[80357] Microsoft Windows DirectPlay buffer overflow
[80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
[80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
[80351] Microsoft Windows TrueType Fonts files code execution
[80350] Microsoft Windows OpenType Font code execution
[80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
[79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
[79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
[79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
[79682] Microsoft Windows font code execution
[79681] Microsoft Windows kernel privilege escalation
[79680] Microsoft Windows kernel privilege escalation
[79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
[79678] Microsoft Windows filenames code execution
[79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
[79676] Microsoft Windows Briefcase integer overflow
[79675] Microsoft Windows Briefcase integer underflow
[79648] Microsoft Windows Help Viewer denial of service
[79479] Microsoft Windows Media Player .avi denial of service
[79124] Microsoft Windows IKE privilege escalation
[78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
[78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
[78861] Microsoft Windows Kerberos denial of service
[78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
[78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
[78855] Microsoft Windows kernel privilege escalation
[78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
[78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
[78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
[78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
[78620] Microsoft Windows Phone 7 domain name spoofing
[78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
[78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
[78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
[77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
[77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
[77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
[77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
[77356] Microsoft Windows RAP response packet buffer overflow
[77355] Microsoft Windows RAP response packet buffer overflow
[77354] Microsoft Windows Print Spooler service format string
[77353] Microsoft Windows Remote Administration Protocol denial of service
[77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
[77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
[77349] Microsoft Windows memory privilege escalation
[77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
[77347] Microsoft Windows Remote Desktop Protocol code execution
[77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
[77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
[77341] Microsoft Windows ActiveX control code execution
[77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
[77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
[77322] Microsoft Windows VBScript and JScript and Microsoft Internet Explorer object integer overflow
[77244] nginx and Microsoft Windows request security bypass
[76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
[76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
[76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
[76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
[76720] Microsoft Windows hook procedure privilege escalation
[76719] Microsoft Windows keyboard privilege escalation
[76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
[76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
[76707] Microsoft Windows search scopes information disclosure
[76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
[76703] Microsoft Windows file code execution
[76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
[76701] Microsoft Windows TLS information disclosure
[76223] Microsoft Windows .otf denial of service
[76221] Microsoft Windows XML Core Services code execution
[76026] Microsoft Windows Microsoft Certificate Authority spoofing
[75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
[75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
[75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
[75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
[75938] Microsoft Windows RDP code execution
[75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
[75933] Microsoft Windows thread privilege escalation
[75932] Microsoft Windows font privilege escalation
[75931] Microsoft Windows Clipboard Format Atom Name privilege escalation
[75930] Microsoft Windows String Atom Class Name privilege escalation
[75929] Microsoft Windows String Atom Class Name privilege escalation
[75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
[75927] Microsoft Windows User Mode Scheduler privilege escalation
[75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
[75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
[75772] Microsoft Windows keyboard layout privilege escalation
[75329] Microsoft Windows xxxCreateWindowEx() denial of service
[75140] Microsoft Windows scrollbar calculation privilege escalation
[75139] Microsoft Windows Keyboard Layout files privilege escalation
[75138] Microsoft Windows messages privilege escalation
[75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
[75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
[75131] Microsoft Windows Plug and Play (PnP) privilege escalation
[75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
[75129] Microsoft Windows IPv6 address privilege escalation
[75128] Microsoft Windows broadcast packets security bypass
[75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
[75126] Microsoft Windows GDI+ EMF buffer overflow
[75125] Microsoft Windows GDI+ EMF code execution
[75124] Microsoft Windows TrueType code execution
[75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
[75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
[74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
[74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
[74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
[74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
[74372] Microsoft Windows MSCOMCTL.OCX ActiveX control code execution
[74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
[73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
[73542] Microsoft Windows Remote Desktop Protocol denial of service
[73541] Microsoft Windows Remote Desktop Protocol code execution
[73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
[73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
[73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
[73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
[73532] Microsoft Windows DNS Server denial of service
[73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
[73529] Microsoft Windows PostMessage function privilege escalation
[73356] Microsoft Windows DNS security bypass
[72950] Microsoft Windows IPv6 information disclosure
[72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
[72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
[72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
[72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
[72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
[72854] Microsoft Windows keyboard privilege escalation
[72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
[72852] Microsoft Windows Authenticode code execution
[72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
[72850] Microsoft Windows msvcrt dynamic link library buffer overflow
[72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
[72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
[72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
[72840] Microsoft Windows Ancillary Function Driver privilege escalation
[72839] Microsoft Windows Ancillary Function Driver privilege escalation
[72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
[72560] Microsoft Windows Media Format ASF invalid stream
[72346] Microsoft Windows Explorer denial of service
[72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
[72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
[72002] Microsoft Windows Client/Server Run-time Subsystem Unicode privilege escalation
[71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
[71997] Microsoft Windows SafeSEH security bypass
[71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
[71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
[71993] Microsoft Windows DirectShow code execution
[71992] Microsoft Windows Media Player MIDI code execution
[71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
[71966] Microsoft Windows Media Player access denial of service
[71944] Microsoft Windows Phone messages denial of service
[71873] Microsoft Windows win32k.sys code execution
[71733] Microsoft Windows sandbox privilege escalation
[71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
[71564] Microsoft Windows Media Player DVR-MS code execution
[71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
[71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
[71559] Microsoft Windows Active Directory buffer overflow
[71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
[71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
[71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
[71553] Microsoft Windows kernel privilege escalation
[71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
[71551] Microsoft Windows OLE object code execution
[71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
[71549] Microsoft Windows Client/Server Run-time Subsystem Csrsrv.dll privilege escalation
[71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
[71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
[71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
[71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
[71418] Microsoft Windows keyboard layout denial of service
[71291] Microsoft Windows Server AppLocker security bypass
[71073] Microsoft Windows kernel Duqu code execution
[70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
[70950] Microsoft Windows Active Directory privilege escalation
[70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
[70948] Microsoft Windows Mail and Windows Meeting Space code execution
[70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
[70946] Microsoft Windows TrueType denial of service
[70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
[70944] Microsoft Windows Object Packager code execution
[70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
[70942] Microsoft Windows TCP/IP code execution
[70940] Microsoft Windows ClickOnce code execution
[70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
[70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
[70143] Microsoft Windows Media Center DLL code execution
[70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
[70137] Microsoft Windows Ancillary Function Driver privilege escalation
[70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
[70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
[70114] Microsoft Windows use-after-free privilege escalation
[70113] Microsoft Windows .fon buffer overflow
[70112] Microsoft Windows TrueType denial of service
[69638] Microsoft Windows csrss.exe denial of service
[69558] Microsoft Windows Script Host DLL code execution
[69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
[69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
[69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
[69491] Microsoft Windows WINS privilege escalation
[69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
[69489] Microsoft Windows components DLL code execution
[69215] Microsoft Windows DHCPv6 denial of service
[69009] Microsoft Windows Client/Server Run-time Subsystem information disclosure
[68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
[68838] Microsoft SharePoint and Windows SharePoint Services cross-site scripting
[68837] Microsoft SharePoint and Windows SharePoint Services XML file disclosure
[68836] Microsoft SharePoint and Windows SharePoint Services contact details cross-site scripting
[68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
[68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
[68830] Microsoft Windows Remote Desktop Protocol denial of service
[68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
[68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
[68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
[68824] Microsoft Windows Remote Desktop Web Access privilege escalation
[68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
[68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
[68815] Microsoft Windows kernel meta-data denial of service
[68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
[68813] Microsoft Windows Data Access code execution
[68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
[68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
[68808] Microsoft Windows DNS Server denial of service
[68807] Microsoft Windows DNS Server code execution
[68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
[68805] Microsoft Windows NDISTAPI privilege escalation
[68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
[68803] Microsoft Windows TCP/IP QoS denial of service
[68802] Microsoft Windows TCP/IP ICMP denial of service
[68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
[68800] Microsoft Windows Client/Server Run-time Subsystem Winsrv.dl privilege escalation
[68469] Microsoft Windows GPU denial of service
[68467] Microsoft Windows NVIDIA Geforce 310 denial of service
[68465] Microsoft Windows Intel G41 denial of service
[68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
[68314] Microsoft Windows win32k.sys privilege escalation
[68313] Microsoft Windows win32k.sys privilege escalation
[68312] Microsoft Windows win32k.sys information disclosure
[68311] Microsoft Windows NULL privilege escalation
[68310] Microsoft Windows win32k.sys privilege escalation
[68309] Microsoft Windows win32k.sys privilege escalation
[68308] Microsoft Windows win32k.sys privilege escalation
[68307] Microsoft Windows NULL pointer privilege escalation
[68306] Microsoft Windows NULL pointer privilege escalation
[68305] Microsoft Windows kernel-mode driver privilege escalation
[68304] Microsoft Windows kernel-mode driver privilege escalation
[68303] Microsoft Windows kernel-mode driver privilege escalation
[68302] Microsoft Windows win32k.sys privilege escalation
[68301] Microsoft Windows win32k.sys privilege escalation
[68300] Microsoft Windows win32k.sys privilege escalation
[68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
[68298] Microsoft Windows Bluetooth stack code execution
[68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
[68002] Microsoft Windows Media Player klite denial of service
[67989] Microsoft Windows tskill privilege escalation
[67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
[67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
[67942] Microsoft Windows Vector Markup Language (VML) code execution
[67795] Microsoft Windows Live Messenger dwmapi.dll code execution
[67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
[67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
[67758] Microsoft Windows MHTML information disclosure
[67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
[67756] Microsoft Windows Object Linking and Embedding WMF code execution
[67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
[67754] Microsoft Windows Ancillary Function Driver privilege escalation
[67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
[67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
[67750] Microsoft Windows Active Directory Certificate Services Web Enrollment cross-site scripting
[67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
[67748] Microsoft Windows SrvWriteConsoleOutputString privilege escalation
[67747] Microsoft Windows SrvWriteConsoleOutput privilege escalation
[67746] Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand privilege escalation
[67745] Microsoft Windows CSRSS SrvSetConsoleLocalEUDC privilege escalation
[67744] Microsoft Windows CSRSS AllocConsole privilege escalation
[67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
[67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
[67732] Microsoft Windows Win32k OTF code execution
[67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
[67730] Microsoft Windows Server Hyper-V VMBus denial of service
[67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
[67727] Microsoft Windows DFS denial of service
[67726] Microsoft Windows DFS code execution
[67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
[67724] Microsoft Windows SMB request denial of service
[67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
[67721] Microsoft Windows SMB responses code execution
[67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
[67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
[67520] Microsoft Windows Vista nsiproxy.sys denial of service
[67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
[67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
[67100] Microsoft Windows Windows Internet Name Service code execution
[66856] Microsoft Windows Media Player .avi buffer overflow
[66855] Microsoft Windows Media Player .ogg denial of service
[66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
[66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
[66835] Microsoft Windows and Internet Explorer msxml.dll information disclosure
[66639] Microsoft Windows XP afd.sys denial of service
[66469] Microsoft Windows Explorer Shmedia.dll denial of service
[66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
[66447] Microsoft Windows Messenger ActiveX control code execution
[66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
[66445] Microsoft Windows VBScript and Jscript code execution
[66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
[66443] Microsoft Windows SMB response code execution
[66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
[66441] Microsoft Windows DNS resolution code execution
[66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
[66439] Microsoft Windows SMB protocol code execution
[66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
[66437] Microsoft Windows OpenType buffer overflow
[66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
[66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
[66431] Microsoft Windows Fax Cover Page Editor code execution
[66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
[66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
[66427] Microsoft Windows GDI+ EMF code execution
[66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
[66424] Microsoft Windows kernel-mode driver (win32k.sys) variant 30 privilege escalation
[66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
[66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
[66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
[66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
[66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
[66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
[66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
[66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
[66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
[66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
[66413] Microsoft Windows kernel-mode driver (win32k.sys) variant 19 privilege escalation
[66412] Microsoft Windows kernel-mode driver (win32k.sys) variant 18 privilege escalation
[66411] Microsoft Windows kernel-mode driver (win32k.sys) variant 17 privilege escalation
[66410] Microsoft Windows kernel-mode driver (win32k.sys) variant 16 privilege escalation
[66409] Microsoft Windows kernel-mode driver (win32k.sys) variant 15 privilege escalation
[66408] Microsoft Windows kernel-mode driver (win32k.sys) variant 14 privilege escalation
[66407] Microsoft Windows kernel-mode driver (win32k.sys) variant 13 privilege escalation
[66406] Microsoft Windows kernel-mode driver (win32k.sys) variant 12 privilege escalation
[66405] Microsoft Windows kernel-mode driver (win32k.sys) variant 11 privilege escalation
[66404] Microsoft Windows kernel-mode driver (win32k.sys) variant 10 privilege escalation
[66403] Microsoft Windows kernel-mode driver (win32k.sys) variant 9 privilege escalation
[66402] Microsoft Windows kernel-mode driver (win32k.sys) variant 8 privilege escalation
[66401] Microsoft Windows kernel-mode driver (win32k.sys) variant 7 privilege escalation
[66400] Microsoft Windows kernel-mode driver (win32k.sys) variant 6 privilege escalation
[66399] Microsoft Windows kernel-mode driver (win32k.sys) variant 5 privilege escalation
[66398] Microsoft Windows kernel-mode driver (win32k.sys) variant 4 privilege escalation
[66397] Microsoft Windows kernel-mode driver (win32k.sys) variant 3 privilege escalation
[66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
[66395] Microsoft Windows kernel-mode driver (win32k.sys) variant 1 privilege escalation
[66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
[66312] Microsoft Windows Media Player .ape buffer overflow
[66254] Microsoft Windows certificates spoofing
[65972] Microsoft Windows mscorsvw.exe privilege escalation
[65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
[65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
[65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
[65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
[65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
[65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
[65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
[65567] Microsoft Windows RDC code execution
[65495] Microsoft Windows HID weak security
[65383] Microsoft Windows Graphics Rendering Engine height integer overflow
[65382] Microsoft Windows Graphics Rendering Engine BMP integer overflow
[65381] Microsoft Windows Graphics Rendering Engine biCompression buffer overflow
[65376] Microsoft Windows Server CIFS code execution
[65169] Microsoft Windows Azure information disclosure
[65000] Microsoft Windows MHTML information disclosure
[64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
[64972] Microsoft Windows LSASS privilege escalation
[64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
[64970] Microsoft Windows Win32k.sys privilege escalation
[64969] Microsoft Windows classpointer privilege escalation
[64968] Microsoft Windows pointer privilege escalation
[64967] Microsoft Windows Win32k.sys privilege escalation
[64966] Microsoft Windows Win32k.sys privilege escalation
[64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
[64926] Microsoft Windows kernel privilege escalation
[64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
[64921] Microsoft Windows Media Player and Windows Media Center DVR-MS code execution
[64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
[64919] Microsoft Windows VBScript and JScript information disclosure
[64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
[64917] Microsoft Windows CSRSS privilege escalation
[64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
[64915] Microsoft Windows Active Directory denial of service
[64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
[64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
[64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
[64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
[64906] Microsoft Windows OpenType Compact Font Format code execution
[64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
[64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
[64901] Microsoft Windows Kerberos spoofing
[64900] Microsoft Windows Kerberos checksum privilege escalation
[64837] Microsoft Windows Fax Cover Page Editor code execution
[64583] Microsoft Windows Neighbor Discovery (ND) protocol denial of service
[64474] Microsoft Windows Remote Access Phonebook code execution
[64446] Microsoft Windows Contacts DLL code execution
[64382] Microsoft Windows Graphics Rendering Engine buffer overflow
[64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
[64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
[64307] Microsoft Windows Windows Fax Cover Page Editor component buffer overflow
[63909] Microsoft Windows dynamic-linked library (oci.dll) code execution
[63816] Microsoft Windows Media Encoder 9 dynamic-linked library (DLL) code execution
[63807] Microsoft Windows Mail dynamic-linked library (wab32res.dll) code execution
[63803] Microsoft Windows Live Messenger dynamic-linked library (msgsres.dll) code execution
[63788] Microsoft Windows Backup dynamic-linked library (fveapi.dll) code execution
[63787] Microsoft Windows Internet Communication Settings dynamic-linked library (schannel.dll) code execution
[63779] Microsoft Windows Indeo Filter dynamic-linked library (iacenc.dll) code execution
[63776] Microsoft Windows Program Group Converter dynamic-linked library (DLL) code execution
[63773] Microsoft Windows Address Book dynamic-linked library (wab32res.dll) code execution
[63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
[63585] Microsoft Windows Netlogon denial of service
[63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
[63583] Microsoft Windows Movie Maker insecure library loading code execution
[63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
[63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
[63579] Microsoft Windows user mode privilege escalation
[63578] Microsoft Windows cursor privilege escalation
[63577] Microsoft Windows WriteAV privilege escalation
[63576] Microsoft Windows pointer privilege escalation
[63575] Microsoft Windows double free privilege escalation
[63574] Microsoft Windows kernel-mode drivers buffer overflow
[63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
[63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
[63570] Microsoft Windows NDProxy buffer overflow
[63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
[63568] Microsoft Windows BranchCache code execution
[63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
[63565] Microsoft Windows Consent User Interface privilege escalation
[63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
[63563] Microsoft Windows Server Hyper-V VMBus denial of service
[63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
[63561] Microsoft Windows OpenType Font (OTF) CMAP code execution
[63560] Microsoft Windows OpenType Font (OTF) format driver code execution
[63559] Microsoft Windows OpenType Font (OTF) format driver code execution
[63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
[63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
[63549] Microsoft Windows Media Encoder code execution
[63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
[63547] Microsoft Windows Internet Signup code execution
[63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
[63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
[63538] Microsoft Windows Knowledge Base Article 968095 update is not installed
[63450] Microsoft Windows REG_BINARY privilege escalation
[62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
[62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
[62796] Microsoft Windows Task Scheduler privilege escalation
[62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
[62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
[62737] Microsoft Windows Task Scheduler service privilege escalation
[62716] Microsoft Windows Mobile .vcf denial of service
[62643] Microsoft Windows unspecified privilege escalation
[62642] Microsoft Windows unspecified privilege escalation
[62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
[62169] Microsoft Windows Explorer buffer overflow
[62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
[62165] Microsoft Windows Failover Cluster Manager insecure permissions
[62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
[62162] Microsoft Windows Media Player RTSP code execution
[62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
[62153] Microsoft Windows OpenType Font fonts privilege escalation
[62152] Microsoft Windows OpenType Font privilege escalation
[62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
[62148] Microsoft Windows SChannel denial of service
[62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
[62143] Microsoft Windows Knowledge Base Article 982132 update is not installed
[62142] Microsoft Windows OpenType table code execution
[62138] Microsoft Windows Knowledge Base Article 981957 update is not installed
[62137] Microsoft Windows class privilege escalation
[62135] Microsoft Windows keyboard privilege escalation
[62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
[62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
[62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
[62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
[62125] Microsoft Windows Media Player code execution
[62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
[62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
[62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
[62103] Microsoft Windows LPC message privilege escalation
[62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
[62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
[62006] Microsoft Windows unspecified privilege escalation
[61994] Microsoft Windows MPEG Layer-3 Audio Decoder denial of service
[61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
[61518] Microsoft Windows CSRSS privilege escalation
[61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
[61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
[61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
[61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
[61506] Microsoft Windows Unicode Scripts Processor code execution
[61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
[61503] Microsoft Windows Print Spooler service code execution
[61501] Microsoft Windows Knowledge Base Article 975558 update is not installed
[61500] Microsoft Windows MPEG-4 code execution
[61499] Microsoft Windows Knowledge Base Article 982802 update is not installed
[61498] Microsoft Windows RPC code execution
[61258] Microsoft Windows IcmpSendEcho2Ex denial of service
[61187] Microsoft Windows xxxRealDrawMenuItem() privilege escalation
[61184] Microsoft Windows win32k!GreStretchBltInternal() denial of service
[61129] Microsoft Windows Kerberos security bypass
[60975] Microsoft Windows CreateDIBPalette() buffer overflow
[60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
[60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
[60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
[60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
[60723] Microsoft Windows Knowledge Base Article 978886 update is not installed
[60722] Microsoft Windows TCP/IP input buffer privilege escalation
[60721] Microsoft Windows TCP/IP IPv6 denial of service
[60719] Microsoft Windows Knowledge Base Article 980436 update is not installed
[60718] Microsoft Windows SChannel code execution
[60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
[60705] Microsoft Windows Knowledge Base Article 981852 update is not installed
[60704] Microsoft Windows kernel ACL denial of service
[60703] Microsoft Windows kernel errors privilege escalation
[60702] Microsoft Windows kernel threads privilege escalation
[60701] Microsoft Windows Knowledge Base Article 981997 update is not installed
[60700] Microsoft Windows Movie Maker code execution
[60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
[60697] Microsoft Windows kernel-mode drivers window privilege escalation
[60696] Microsoft Windows kernel-mode drivers input privilege escalation
[60695] Microsoft Windows kernel-mode drivers memory privilege escalation
[60694] Microsoft Windows kernel-mode drivers exception privilege escalation
[60693] Microsoft Windows kernel-mode drivers denial of service
[60692] Microsoft Windows Knowledge Base Article 982214 update is not installed
[60691] Microsoft Windows SMB stack denial of service
[60690] Microsoft Windows SMB variable denial of service
[60689] Microsoft Windows SMB pool code execution
[60688] Microsoft Windows Knowledge Base Article 982665 update is not installed
[60687] Microsoft Windows Cinepak Codec code execution
[60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
[60685] Microsoft Windows MPEG Layer-3 Codecs code execution
[60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
[60683] Microsoft Windows XML Core Services (MSXML) code execution
[60682] Microsoft Windows Knowledge Base Article 982799 update is not installed
[60681] Microsoft Windows Tracing Feature privilege escalation
[60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
[60679] Microsoft Windows registry key ACL privilege escalation
[60678] Microsoft Windows Service Isolation privilege escalation
[60677] Microsoft Windows Knowledge Base Article 983539 update is not installed
[60676] Microsoft Windows LSASS privilege escalation
[60422] Microsoft Windows .lnk file code execution
[60120] Microsoft Windows NtUserCheckAccessForIntegrityLevel() privilege escalation
[60095] Microsoft Windows UpdateFrameTitleForDocument() buffer overflow
[59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
[59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
[59895] Microsoft Windows Knowledge Base Article 978212 update is not installed
[59891] Microsoft Windows Knowledge Base Article 982335 update is not installed
[59447] Microsoft Windows Help and Support Center GetServerName cross-site scripting
[59267] Microsoft Windows helpctr.exe command execution
[58944] Microsoft Windows Knowledge Base Article 979902 update not installed
[58943] Microsoft Windows MJPEG code execution
[58942] Microsoft Windows media files code execution
[58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
[58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
[58887] Microsoft Windows kernel-mode drivers TrueType privilege escalation
[58885] Microsoft Windows Knowledge Base Article 980218 update is not installed
[58884] Microsoft Windows OpenType Compact Font Format privilege escalation
[58883] Microsoft Windows Knowledge Base Article 981343 update is not installed
[58871] Microsoft Windows Knowledge Base Article 982381 update is not installed
[58865] Microsoft Windows Knowledge Base Article 982666 update is not installed
[58863] Microsoft Windows Knowledge Base Article 983235 update is not installed
[58622] Microsoft Windows Canonical Display Driver (cdd.dll) code execution
[58345] Microsoft Windows SMTP Service query id spoofing
[58344] Microsoft Windows SMTP Service DNS spoofing
[58243] Microsoft Office SharePoint Server and Microsoft Windows SharePoint Services help.aspx cross-site scripting
[58173] Microsoft Windows Knowledge Base Article 978542 update is not installed
[58172] Microsoft Outlook Express and Windows Mail client integer overflow
[58171] Microsoft Windows Knowledge Base Article 978213 update is not installed
[58060] Microsoft Windows SfnINSTRING() privilege escalation
[58059] Microsoft Windows SfnLOGONNOTIFY() denial of service
[57601] Microsoft Windows kernel exceptions denial of service
[57600] Microsoft Windows kernel image file denial of service
[57599] Microsoft Windows kernel path denial of service
[57597] Microsoft Windows kernel registry keys denial of service
[57596] Microsoft Windows kernel symbolic links denial of service
[57595] Microsoft Windows kernel registry keys denial of service
[57580] Microsoft Windows Knowledge Base Article 981210 update is not installed
[57579] Microsoft Windows Cabinet File Viewer (cabview.dll) code execution
[57578] Microsoft Windows WinVerifyTrust signature validation code execution
[57380] Microsoft Windows Knowledge Base Article 979683 update is not installed
[57379] Microsoft Windows kernel symbolic link privilege escalation
[57378] Microsoft Windows kernel memory privilege escalation
[57377] Microsoft Windows Knowledge Base Article 979559 update is not installed
[57376] Microsoft Windows kernel-mode drivers windows privilege escalation
[57375] Microsoft Windows kernel-mode drivers objects privilege escalation
[57374] Microsoft Windows Knowledge Base Article 977816 update is not installed
[57372] Microsoft Windows Knowledge Base Article 978338 update is not installed
[57370] Microsoft Windows ISATAP IPv6 spoofing
[57343] Microsoft Windows Knowledge Base Article 979402 update is not installed
[57342] Microsoft Windows Media Player ActiveX control code execution
[57341] Microsoft Windows Knowledge Base Article 980094 update is not installed
[57337] Microsoft Windows Knowledge Base Article 980195 update is not installed
[57336] Microsoft Windows Knowledge Base Article 980232 update is not installed
[57335] Microsoft Windows SMB message code execution
[57334] Microsoft Windows SMB transaction responses code execution
[57333] Microsoft Windows SMB code execution
[57332] Microsoft Windows SMB memory privilege escalation
[57330] Microsoft Windows Knowledge Base Article 980858 update is not installed
[57329] Microsoft Windows Media Services info packets buffer overflow
[57328] Microsoft Windows Knowledge Base Article 981160 update is not installed
[57326] Microsoft Windows Knowledge Base Article 981169 update is not installed
[57325] Microsoft Windows Knowledge Base Article 981832 update is not installed
[57324] Microsoft Windows SMTP Service Simple Mail Transfer Protocol memory information disclosure
[57323] Microsoft Windows SMTP Service and Microsoft Exchange SMTP DNS Mail Exchanger (MX) denial of service
[57322] Microsoft Windows Knowledge Base Article 980182 update is not installed
[57205] Microsoft Windows Media Player .AVI code execution
[56853] Microsoft Windows MS HTML Help ActiveX control (hhctrl.ocx) HtmlHelpA() code execution
[56756] Microsoft Windows .ani file denial of service
[56591] Microsoft Windows API denial of service
[56560] Microsoft Windows winhlp32.exe buffer overflow
[56558] Microsoft Windows MsgBox() code execution
[56470] Microsoft Windows Knowledge Base Article 980150 update is not installed
[56461] Microsoft Windows Knowledge Base Article 975561 update is not installed
[56435] Microsoft Windows Media Player .mpg denial of service
[56218] Microsoft Windows DNS weak security
[55935] Microsoft Windows Knowledge Base Article 975713 update is not installed
[55934] Microsoft Windows Knowledge Base Article 978037 update is not installed
[55933] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) privilege escalation
[55932] Microsoft Windows Knowledge Base Article 978214 update is not installed
[55930] Microsoft Windows Knowledge Base Article 977935 update is not installed
[55928] Microsoft Windows Knowledge Base Article 978706 update is not installed
[55926] Microsoft Windows Knowledge Base Article 977894 update is not installed
[55925] Microsoft Windows Hyper-V instruction set denial of service
[55924] Microsoft Windows Knowledge Base Article 977377 update is not installed
[55923] Microsoft Windows Knowledge Base Article 977290 update is not installed
[55922] Microsoft Windows Kerberos Ticket-Granting-Ticket (TGT) denial of service
[55921] Microsoft Windows Knowledge Base Article 977165 update is not installed
[55920] Microsoft Windows kernel privilege escalation
[55917] Microsoft Windows Knowledge Base Article 978262 update is not installed
[55910] Microsoft Windows Knowledge Base Article 971468 update is not installed
[55909] Microsoft Windows SMB NTLM privilege escalation
[55908] Microsoft Windows SMB NULL denial of service
[55907] Microsoft Windows SMB denial of service
[55906] Microsoft Windows SMB pathname code execution
[55898] Microsoft Windows Knowledge Base Article 974145 update is not installed
[55897] Microsoft Windows TCP/IP SACK denial of service
[55896] Microsoft Windows TCP/IP Route Information code execution
[55895] Microsoft Windows TCP/IP stack datagram code execution
[55894] Microsoft Windows TCP/IP ICMPv6 code execution
[55890] Microsoft Windows Knowledge Base Article 975416 update is not installed
[55779] Microsoft Windows Knowledge Base Article 978207 update is not installed
[55742] Microsoft Windows #GP trap handler privilege escalation
[55680] Microsoft Windows Media Player ActiveX control code execution
[55560] Microsoft Windows XP Flash Player code execution
[55153] Microsoft Windows Knowledge Base Article 978251 update is not installed
[55152] Microsoft Windows Server Message Block client code execution
[55151] Microsoft Windows Server Message Block pool code execution
[55150] Microsoft Windows Knowledge Base Article 972270 update is not installed
[55149] Microsoft Windows EOT font buffer overflow
[54645] Microsoft Internet Explorer and Windows Media player Intel Indeo codec code execution
[54644] Microsoft Internet Explorer and Windows Media player Intel Indeo codec code execution
[54643] Microsoft Internet Explorer and Windows Media player Intel Indeo41 codec buffer overflow
[54642] Microsoft Internet Explorer and Windows Media player Intel Indeo41 codec buffer overflow
[54445] Microsoft Windows Knowledge Base Article 975539 update is not installed
[54443] Microsoft Windows Knowledge Base Article 974392 update is not installed
[54442] Microsoft Windows Local Security Authority Subsystem Service (LSASS) denial of service
[54440] Microsoft Windows Knowledge Base Article 974318 update is not installed
[54439] Microsoft Windows Internet Authentication Service (IAS) privilege escalation
[54438] Microsoft Windows Internet Authentication Service (IAS) code execution
[54427] Microsoft Windows Knowledge Base Article 971726 update is not installed
[54426] Microsoft Windows Active Directory Federation Services (ADFS) code execution
[54425] Microsoft Windows Active Directory Federation Services (ADFS) spoofing
[54424] Microsoft Windows Knowledge Base Article 967183 update is not installed
[54422] Microsoft Windows Knowledge Base Article 976325 update is not installed
[54217] Microsoft Windows KeAccumulateTicks() denial of service
[54012] Microsoft Windows Knowledge Base Article 972652 update is not installed
[53991] Microsoft Windows Knowledge Base Article 973309 update is not installed
[53990] Microsoft Windows ADAM LDAP denial of service
[53986] Microsoft Windows Knowledge Base Article 973565 update is not installed
[53985] Microsoft Windows WSDAPI code execution
[53981] Microsoft Windows Knowledge Base Article 974783 update is not installed
[53980] Microsoft Windows 2000 License Logging Server buffer overflow
[53977] Microsoft Windows Knowledge Base Article 976307 update is not installed
[53975] Microsoft Windows Knowledge Base Article 969947 update is not installed
[53974] Microsoft Windows kernel font code execution
[53973] Microsoft Windows kernel GDI privilege escalation
[53972] Microsoft Windows kernel NULL pointer privilege escalation
[53551] Microsoft Windows Knowledge Base Article KB973525 update is not installed
[53550] Microsoft Windows Knowledge Base Article 974112 update is not installed
[53549] Microsoft Windows Media Player ASF file buffer overflow
[53548] Microsoft Windows Knowledge Base Article 971486 update is not installed
[53547] Microsoft Windows kernel exception handler denial of service
[53546] Microsoft Windows kernel user mode privilege escalation
[53545] Microsoft Windows kernel 64-bit truncation privilege escalation
[53544] Microsoft Windows Knowledge Base Article 974455 update is not installed
[53541] Microsoft Windows Knowledge Base Article 969059 update is not installed
[53540] Microsoft Windows Indexing Service ActiveX control code execution
[53537] Microsoft Windows Knowledge Base Article 974571 update is not installed
[53536] Microsoft Windows CryptoAPI ASN.1 spoofing
[53535] Microsoft Windows CryptoAPI NULL spoofing
[53534] Microsoft Windows Knowledge Base Article 975254 update is not installed
[53533] Microsoft Windows Knowledge Base Article 957488 update is not installed
[53531] Microsoft Windows GDI+ Microsoft Office file code execution
[53530] Microsoft Windows GDI+ PNG image code execution
[53529] Microsoft Windows GDI+ .NET Framework API code execution
[53528] Microsoft Windows GDI+ TIFF image code execution
[53527] Microsoft Windows GDI+ TIFF image buffer overflow
[53526] Microsoft Windows GDI+ PNG image buffer overflow
[53525] Microsoft Windows GDI+ WMF image code execution
[53522] Microsoft Windows Knowledge Base Article 975517 update is not installed
[53517] Microsoft Windows Knowledge Base Article 975682 update is not installed
[53516] Microsoft Windows Media Player audio files code execution
[53514] Microsoft Windows Media Player ASF code execution
[53512] Microsoft Windows Knowledge Base Article 975467 update is not installed
[53511] Microsoft Windows Local Security Authority Subsystem Service (LSASS) denial of service
[53090] Microsoft Windows srv2.sys code execution
[52948] Microsoft Windows Knowledge Base Article 973965 update is not installed
[52775] Microsoft Windows Knowledge Base Article 973812 update is not installed
[52774] Microsoft Windows Media Format MP3 files code execution
[52773] Microsoft Windows Media Format ASF files code execution
[52771] Microsoft Windows Knowledge Base Article 971961 update is not installed
[52770] Microsoft Windows Jscript code execution
[52403] Microsoft Windows OpenType font engine denial of service
[52137] Microsoft Windows Knowledge Base Article 969706 update is not installed
[52131] Microsoft Windows Knowledge Base Article 972260 update is not installed
[52128] Microsoft Windows Knowledge Base Article 967723 update is not installed
[52127] Microsoft Windows TCP/IP orphaned connections denial of service
[52126] Microsoft Windows TCP/IP timestamps code execution
[52117] Microsoft Windows Knowledge Base Article 970927 update is not installed
[52116] Microsoft Windows RDP Services Client ActiveX control buffer overflow
[52115] Microsoft Windows Remote Desktop Connection RDP buffer overflow
[52114] Microsoft Windows Knowledge Base Article 970957 update is not installed
[52113] ASP.NET Framework component of Microsoft Windows HTTP denial of service
[52111] Microsoft Windows Knowledge Base Article 969883 update is not installed
[52110] Microsoft Windows Windows Internet Name Service (WINS) replication partner buffer overflow
[52109] Microsoft Windows Windows Internet Name Service (WINS) replication buffer overflow
[52108] Microsoft Windows Knowledge Base Article 960859 update is not installed
[52107] Microsoft Windows Knowledge Base Article 971032 update is not installed
[52104] Microsoft Windows telnet privilege escalation
[52103] Microsoft Windows Knowledge Base Article 956844 update is not installed
[52102] Microsoft Windows DHTML Editing Component ActiveX control code execution
[52097] Microsoft Windows Knowledge Base Article 971557 update is not installed
[52096] Microsoft Windows AVI validation integer overflow
[52095] Microsoft Windows AVI code execution
[52093] Microsoft Windows Knowledge Base Article 971657 update is not installed
[52092] Microsoft Windows Workstation Service RPC message code execution
[52089] Microsoft Windows Knowledge Base Article 973908 update is not installed
[51636] Microsoft Windows Knowledge Base Article KB973346 update is not installed
[51471] Microsoft Windows Knowledge Base Article 970811 update is not installed
[51469] Microsoft Windows Knowledge Base Article 970710 update is not installed
[51468] Microsoft Windows Wireless LAN AutoConfig service buffer overflow
[51465] Microsoft Windows Knowledge Base Article 969856 update is not installed
[51463] Microsoft Windows Knowledge Base Article 971633 update is not installed
[51462] Microsoft Windows Knowledge Base Article 969516 update is not installed
[51457] Microsoft Windows Knowledge Base Article 957638 update is not installed
[51097] Microsoft Windows atapi.sys privilege escalation
[51034] Microsoft PowerPoint Freelance Windows buffer overflow
[50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
[50903] Microsoft Windows SPI_SETDESKWALLPAPER SystemParametersInfo denial of service
[50826] Microsoft Windows Knowledge Base Article 969898 update is not installed
[50798] Microsoft Windows Knowledge Base Article 970238 update is not installed
[50797] Microsoft Windows RPC Marshalling Engine code execution
[50795] Microsoft Windows Knowledge Base Article 969514 update is not installed
[50791] Microsoft Windows Knowledge Base Article 969462 update is not installed
[50783] Microsoft Windows Knowledge Base Article 968537 update is not installed
[50782] Microsoft Windows desktop parameter privilege escalation
[50781] Microsoft Windows system call privilege escalation
[50780] Microsoft Windows kernel pointer privilege escalation
[50779] Microsoft Windows kernel kernel objects privilege escalation
[50778] Microsoft Windows Knowledge Base Article 963093 update is not installed
[50777] Microsoft Windows Search weak security
[50776] Microsoft Windows Knowledge Base Article 969897 update is not installed
[50768] Microsoft Windows Knowledge Base Article 970483 update is not installed
[50767] Microsoft Windows Knowledge Base Article 971055 update is not installed
[50766] Microsoft Windows Knowledge Base Article 961501 update is not installed
[50765] Microsoft Windows Print Spooler service privilege escalation
[50763] Microsoft Windows Print Spooler service buffer overflow
[50762] Microsoft Windows Knowledge Base Article 961371 update is not installed
[50761] Microsoft Windows Active Directory LDAP denial of service
[50760] Microsoft Windows Embedded OpenType (EOT) integer overflow
[50759] Microsoft Windows 2000 Active Directory LDAP code execution
[50758] Microsoft Windows EOT buffer overflow
[50757] Microsoft Windows Knowledge Base Article 957632 update is not installed
[50391] Microsoft Windows Media Player MID file denial of service
[50281] Microsoft Windows Knowledge Base Article 967340 update is not installed
[50129] Microsoft Windows gdiplus.dll PNG denial of service
[49598] Microsoft Windows Knowledge Base Article 959426 update is not installed
[49588] Microsoft Windows Knowledge Base Article 960477 update is not installed
[49586] Microsoft Windows Knowledge Base Article 959454 update is not installed
[49584] Microsoft Windows Threadpool ACL privilege escalation
[49581] Microsoft Windows RPCSS privilege escalation
[49578] Microsoft Windows WMI privilege escalation
[49570] Microsoft Windows Knowledge Base Article 961759 update is not installed
[49569] Microsoft Windows Knowledge Base Article 960803 update is not installed
[49566] Microsoft Windows HTTP services certificate spoofing
[49562] Microsoft Windows HTTP services integer underflow
[49560] Microsoft Windows Knowledge Base Article 961373 update is not installed
[49558] Microsoft Windows Knowledge Base Article 963027 update is not installed
[49547] Microsoft Windows Knowledge Base Article 968557 update is not installed
[49438] Microsoft Windows GDI+ EMF EmfPlusFont Object denial of service
[49435] Microsoft Windows unlzh.c and unpack.c gzip code execution
[49079] Microsoft Windows DNS server memory leak denial of service
[48909] Microsoft Windows Knowledge Base Article 962238 update is not installed
[48908] Microsoft Windows WINS server WPAD and ISATAP registration Web proxy spoofing
[48907] Microsoft Windows DNS server WPAD registration Web proxy spoofing
[48906] Microsoft Windows DNS server cache response spoofing
[48905] Microsoft Windows DNS server query response spoofing
[48392] Microsoft Windows I/O information disclosure
[48326] Microsoft Windows Knowledge Base Article 960715 update is not installed
[48312] Microsoft Windows Knowledge Base Article 959420 update is not installed
[48311] Microsoft Windows Knowledge Base Article 961260 update not installed
[48308] Microsoft Windows Knowledge Base Article 960225 update is not installed
[48307] Microsoft Windows SChannel certificate spoofing
[48302] Microsoft Windows Knowledge Base Article 957634 update not installed
[48301] Microsoft Windows Knowledge Base Article 958690 update is not installed
[48300] Microsoft Windows kernel pointer validation privilege escalation
[48299] Microsoft Windows kernel handle validation privilege escalation
[48298] Microsoft Windows kernel GDI validation code execution
[48295] Microsoft Windows Knowledge Base Article 974378 update not installed
[48189] Microsoft Windows AutoRun feature enabled
[47867] Microsoft Windows .CHM file denial of service
[47760] Microsoft Windows Media Player WAV file code execution
[47676] Microsoft Windows Knowledge Base Article 958687 update not installed
[47674] Microsoft Windows SMB NT Trans2 request code execution
[47673] Microsoft Windows SMB NT Trans request buffer overflow
[47672] Microsoft Windows Knowledge Base Article 959239 update not installed
[47664] Microsoft Windows Media Player WAV or SND file denial of service
[47428] Microsoft Windows Knowledge Base Article 960714 update is not installed
[46870] Microsoft Windows Knowledge Base Article 959807 update is not installed
[46869] Microsoft Windows Media Components ISATAP information disclosure
[46868] Microsoft Windows Media Components SPN NTLM credentials code execution
[46867] Microsoft Windows Knowledge Base Article 959349 update is not installed
[46866] Microsoft Windows search-ms protocol code execution
[46865] Microsoft Windows saved search file code execution
[46864] Microsoft Windows Knowledge Base Article 959070 update is not installed
[46861] Microsoft Windows Knowledge Base Article 958215 update not installed
[46856] Microsoft Windows Knowledge Base Article 957175 update is not installed
[46853] Microsoft Windows Knowledge Base Article 957173 update not installed
[46844] Microsoft Windows Knowledge Base Article 956802 update is not installed
[46843] Microsoft Windows GDI WMF image file buffer overflow
[46842] Microsoft Windows GDI WMF image file integer overflow
[46742] Microsoft Windows Vista iphlpapi.dll buffer overflow
[46670] Microsoft Communicator, Office Communications Server (OCS) and Windows Live Messenger RTCP unspecified denial of service
[46506] Microsoft Windows UnhookWindowsHookEx() denial of service
[46385] Microsoft Windows Media Player MIDI or DAT file denial of service
[46194] Microsoft Windows Knowledge Base Article 957097 update is not installed
[46191] Microsoft Windows SMB NTLM credentials code execution
[46190] Microsoft Windows Knowledge Base Article 932349 update is not installed
[46188] Microsoft Visual Basic Windows Common ActiveX control AVI buffer overflow
[46102] Microsoft Windows 2003 SP2 is not installed on the system
[46101] Microsoft Windows 2003 SP1 is not installed on the system
[46100] Microsoft Windows XP Service Pack 3 is not installed on the system
[46099] Microsoft Windows XP Service Pack 1 is not installed on the system
[46042] Microsoft Windows Knowledge Base Article 958644 update not installed
[46040] Microsoft Windows Server Service RPC code execution
[45857] Microsoft Windows Mobile HTC Hermes device security bypass
[45719] Microsoft Windows Vista page faults denial of service
[45586] Microsoft Windows Knowledge Base Article 957280 update is not installed
[45585] Microsoft Windows Active Directory LDAP search buffer overflow
[45582] Microsoft Windows Knowledge Base Article 956803 update is not installed
[45581] Microsoft Windows Knowledge Base Article 956416 update is not installed
[45578] Microsoft Windows Ancillary Function Driver privilege escalation
[45572] Microsoft Windows Knowledge Base Article 9556841 update is not installed
[45571] Microsoft Windows Memory Manager Virtual Address Descriptors privilege escalation
[45565] Microsoft Windows Knowledge Base Article 956390 update is not installed
[45561] Microsoft Windows Knowledge Base Article 957095 update is not installed
[45560] Microsoft Windows SMB file name buffer underflow
[45557] Microsoft Windows Knowledge Base Article 955218 update is not installed
[45550] Microsoft Windows Knowledge Base Article 957699 update is not installed
[45548] Microsoft Windows Knowledge Base Article 953155 update is not installed
[45545] Microsoft Windows Internet Printing Protocol code execution
[45544] Microsoft Windows Knowledge Base Article 954211 update is not installed
[45543] Microsoft Windows kernel input privilege escalation
[45542] Microsoft Windows kernel system calls privilege escalation
[45541] Microsoft Windows kernel new window privilege escalation
[45538] Microsoft Windows Knowledge Base Article 951071 update is not installed
[45464] Microsoft Windows XP GDI+ .ICO denial of service
[45463] Microsoft Windows Mobile bluetooth device name denial of service
[45209] Microsoft Windows Media Player installed
[45146] Microsoft Windows WRITE_ANDX SMB packet denial of service
[45015] Microsoft Windows Image Aquisition Logger ActiveX control file overwrite
[44727] Microsoft Windows Knowledge Base Article 956391 update not installed
[44716] Microsoft Windows Knowledge Base Article 954593 update not installed
[44715] Microsoft Windows GDI+ BMP header buffer overflow
[44714] Microsoft Windows GDI+ WMF buffer overflow
[44713] Microsoft Windows GDI+ GIF index parsing buffer overflow
[44711] Microsoft Windows GDI+ EMF code execution
[44710] Microsoft Windows GDI+ VML gradient buffer overflow
[44708] Microsoft Windows Knowledge Base Article 955047 update not installed
[44705] Microsoft Windows Knowledge Base Article 956695 update not installed
[44703] Microsoft Windows Knowledge Base Article 954156 update not installed
[44700] Microsoft Windows Media Encoder wmex.dll ActiveX control buffer overflow
[44625] Microsoft Windows ATL Load() code execution
[44423] Microsoft Windows nslookup.exe code execution
[44106] Microsoft Windows Knowledge Base Article 953839 update not installed
[44099] Microsoft Windows Knowledge Base Article 953838 update not installed
[44092] Microsoft Windows Knowledge Base Article 954066 update not installed
[44087] Microsoft Windows Knowledge Base Article 953733 update not installed
[44086] Microsoft Windows IPSec policy information disclosure
[44085] Microsoft Windows Knowledge Base Article 952954 update not installed
[44083] Microsoft Windows Knowledge Base Article 954154 update not installed
[44082] Microsoft Windows Media Player sampling rate SSPL buffer overflow
[44081] Microsoft Windows Knowledge Base Article 955048 update not installed
[44080] Microsoft Windows Knowledge Base Article 955617 update not installed
[44079] Microsoft Windows Knowledge Base Article 950974 update not installed
[43340] Microsoft Windows Knowledge Base Article 950582 update not installed
[43339] Microsoft Windows Explorer saved search file code execution
[43336] Microsoft Windows Knowledge Base Article 953230 update not installed
[43335] Microsoft Windows DNS Server cache poisoning
[43330] Microsoft Windows Knowledge Base Article 953747 update not installed
[42887] Microsoft Windows Installer msiexec.exe GUID buffer overflow
[42765] Apple Safari Microsoft Windows code execution
[42701] Microsoft Windows Knowledge Base Article 950760 update not installed
[42699] Microsoft Windows Vista speech recognition (sapi.dll) command execution
[42697] Microsoft Windows Knowledge Base Article 950762 update not installed
[42696] Microsoft Windows PGM fragment option denial of service
[42695] Microsoft Windows PGM option length denial of service
[42693] Microsoft Windows Knowledge Base Article 950759 update not installed
[42691] Microsoft Windows Knowledge Base Article 949785 update not installed
[42689] Microsoft Windows Knowledge Base Article 951066 update not installed bluetooth
[42685] Microsoft Windows Knowledge Base Article 951376 update not installed
[42684] Microsoft Windows Knowledge Base Article 948745 update not installed
[42682] Microsoft Windows Bluetooth SDP code execution
[42677] Microsoft Windows Knowledge Base Article 955702 update not installed
[42676] Microsoft Windows Messenger ActiveX control information disclosure
[42675] Microsoft Windows Knowledge Base Article 951698 update not installed
[42674] Microsoft Windows DirectX SAMI buffer overflow
[42672] Microsoft Windows Knowledge Base Article 953235 update not installed
[42668] Microsoft Windows Active Directory LDAP request denial of service
[42358] Microsoft Windows I2O Utility Filter driver (i2omgmt.sys) code execution
[42334] Microsoft Windows CE JPEG and GIF code execution
[42109] Microsoft Windows Knowledge Base Article 952044 update not installed
[42103] Microsoft Windows Knowledge Base Article 951208 update not installed
[42101] Microsoft Windows Knowledge Base Article 951207 update not installed
[42095] Microsoft Windows Knowledge Base Article 950749 update not installed
[41880] Microsoft Windows MSDTC privilege escalation
[41481] Microsoft Windows Knowledge Base Article 945553 update not installed
[41480] Microsoft Windows DNS client spoofing
[41477] Microsoft Windows Knowledge Base Article 947864 update not installed
[41473] Microsoft Windows Knowledge Base Article 948590 update not installed
[41472] Microsoft Windows GDI EMF filename parameter buffer overflow
[41471] Microsoft Windows GDI EMF and WMF header buffer overflow
[41470] Microsoft Windows Knowledge Base Article 941693 update not installed
[41469] Microsoft Windows kernel usermode privilege escalation
[41465] Microsoft Windows Knowledge Base Article 948881 update not installed
[41463] Microsoft Windows Knowledge Base Article 941203 update not installed
[41453] Microsoft Windows Knowledge Base Article 949032 update not installed
[41448] Microsoft Windows Knowledge Base Article 950183 update not installed
[41349] Microsoft Windows AutoPlay NoDriveTypeAutoRun weak security
[40937] Microsoft Windows Knowledge Base Article 815495 update not installed
[40889] Microsoft Windows Knowledge Base Article 949030 update not installed
[40886] Microsoft Windows Knowledge Base Article 949031 update not installed
[40879] Microsoft Windows Knowledge Base Article 949029 update not installed
[40693] Microsoft Windows Video Controller ActiveX Library for streaming video (msvidctl.dll) buffer overflow
[40103] Microsoft Windows Knowledge Base Article 946538 update not installed
[40102] Microsoft Windows Active Directory LDAP request denial of service
[40101] Microsoft Windows Knowledge Base Article 947077 update not installed
[40099] Microsoft Windows Knowledge Base Article 946456 update not installed
[40098] Microsoft Windows Vista DHCP denial of service
[40097] Microsoft Windows Knowledge Base Article 947081 update not installed
[40094] Microsoft Windows Knowledge Base Article 947085 update not installed
[40091] Microsoft Windows Knowledge Base Article 944533 update not installed
[40078] Microsoft Windows Knowledge Base Article 947108 update not installed
[40063] Microsoft Windows Knowledge Base Article 946026 update not installed
[40062] Microsoft Windows WebDAV Mini-Redirector buffer overflow
[40059] Microsoft Windows Knowledge Base Article 944338 update not installed
[40056] Microsoft Windows VBScript and JScript engines code execution
[40048] Microsoft Windows Knowledge Base Article 947890 update not installed
[40043] Microsoft Windows OLE script request buffer overflow
[39453] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) MLDv2 buffer overflow
[39452] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) IGMPv3 buffer overflow
[39254] Microsoft Windows TCP/IP ICMP denial of service
[39238] Microsoft Windows Knowledge Base Article 941644 update not installed
[39237] Microsoft Windows Knowledge Base Article 942831 update not installed
[39236] Microsoft Windows Knowledge Base Article 943485 update not installed
[39233] Microsoft Windows LSASS LPC privilege escalation
[39232] Microsoft Windows Knowledge Base Article 942830 update not installed
[39052] Microsoft Windows DirectX MJPEG decoder code execution
[38865] Cisco Security Agent for Microsoft Windows SMB buffer overflow
[38850] Microsoft Windows CryptGenRandom information disclosure
[38830] Microsoft Windows Media File Format Stream Property error correction buffer overflow
[38829] Microsoft Windows Media File Format Stream Property error correction and type-specific buffer overflow
[38828] Microsoft Windows Media File Format audio_conceal_none buffer overflow
[38827] Microsoft Windows Media File Format Degradable JPEG Media Stream buffer overflow
[38797] Microsoft Windows Media Player AIFF denial of service
[38730] Microsoft Windows Knowledge Base Article 943078 update not installed
[38729] Microsoft Windows Vista kernel ALPC privilege escalation
[38728] Microsoft Windows Knowledge Base Article 944653 update not installed
[38726] Microsoft Windows Knowledge Base Article 942624 update not installed
[38725] Microsoft Windows Vista SMBv2 signing code execution
[38723] Microsoft Windows Knowledge Base Article 941568 update not installed
[38717] Microsoft Windows Knowledge Base Article 942615 update not installed
[38711] Microsoft Windows Knowledge Base Article 941569 update not installed
[38315] Microsoft Windows Knowledge Base Article 943460 update not installed
[37284] Microsoft Windows Macrovision secdrv.sys driver buffer overflow
[37249] Microsoft Windows Mobile SMS sender field obfuscation
[37226] Microsoft Windows Knowledge Base Article 815495 update not installed
[36980] Microsoft Windows Explorer PNG file denial of service
[36961] Microsoft Windows Explorer extended attributes multiple buffer overflows
[36819] Microsoft Windows Knowledge Base Article 939653 update not installed
[36812] Microsoft Windows Knowledge Base Article 941202 update not installed
[36811] Microsoft Outlook Express and Windows Mail NNTP response code execution
[36807] Microsoft Windows Knowledge Base Article 933729 update not installed
[36806] Microsoft Windows Knowledge Base Article 941672 update not installed
[36805] Microsoft Windows DNS spoofing information disclosure
[36804] Microsoft Windows Knowledge Base Article 942695 update not installed
[36803] Microsoft Windows RPC NTLMSSP authentication denial of service
[36800] Microsoft Windows Knowledge Base Article 923810 update not installed
[36799] Microsoft Windows Kodak image Viewer code execution
[36662] Microsoft Windows Media Player meta file security bypass
[36608] Microsoft Windows MFC ActiveX FindFile() buffer overflow
[36490] Microsoft Windows Knowledge Base Article 942099 update not installed
[36381] Microsoft Windows Knowledge Base Article 939778 update not installed
[36378] Microsoft Windows UNIX services setuid binary privilege escalation
[36376] Microsoft Windows Knowledge Base Article 941522 update not installed
[35919] Microsoft Windows VML detected
[35902] Microsoft Windows process scheduler denial of service
[35897] Microsoft Windows Vista Weather Gadget code execution
[35895] Microsoft Windows Media Player skin decompression code execution
[35886] Microsoft Windows ARP request denial of service
[35878] Microsoft Windows Media Player .AU file denial of service
[35853] Microsoft Windows Vista kernel unspecified vulnerability
[35816] Microsoft Windows Knowledge Base Article 940965 update not installed
[35802] Microsoft Windows Vista Calendar ICS denial of service
[35771] Microsoft Windows Vista Contacts Gadget code execution
[35770] Microsoft Windows Vista Feed Headlines Gadget code execution
[35766] Microsoft Windows Knowledge Base Article 937894 update not installed
[35762] Microsoft Windows Knowledge Base Article 938127 update not installed
[35761] Microsoft Windows VML vgx.dll buffer overflow
[35760] Microsoft Windows Knowledge Base Article 937143 update not installed
[35753] Microsoft Windows Knowledge Base Article 938827 update not installed
[35746] Microsoft Windows Knowledge Base Article 938829 update not installed
[35745] Microsoft Windows GDI WMF image code execution
[35742] Microsoft Windows Knowledge Base Article 936782 update not installed
[35741] Microsoft Windows Media Player skin parsing buffer overflow
[35739] Microsoft Windows Knowledge Base Article 942017 update not installed
[35582] Microsoft Windows URI protocol handling command execution
[35538] Microsoft Windows Explorer GIF denial of service
[35397] Microsoft Windows Vista USER32.DLL denial of service
[35322] Microsoft Windows Vista firewall information disclosure
[35219] Microsoft Windows Knowledge Base Article 936542 update is not installed
[35216] Microsoft Windows Knowledge Base Article 933103 update not installed
[35206] Microsoft Windows Knowledge Base Article 939373 update is not installed
[35202] Microsoft Windows Knowledge Base Article 935807 update not installed
[35199] Microsoft Windows Knowledge Base Article 936227 update not installed
[35190] Microsoft Windows Knowledge Base Article 936548 update not installed
[35183] Microsoft Windows Knowledge Base Article 937986 update not installed
[35181] Microsoft Windows Knowledge Base Article 926122 update is not installed
[35180] Microsoft Windows Active Directory LDAP denial of service
[35179] Microsoft Windows Active Directory LDAP attribute buffer overflow
[35059] Microsoft Windows TCP/IP Source Specific Multicasting (SSM) multiple buffer overflows
[34743] Microsoft Windows GDI+ denial of service
[34648] Microsoft Windows Knowledge Base Article 935839 update not installed
[34645] Microsoft Windows Win32 API code execution
[34642] Microsoft Windows Knowledge Base Article 935840 update not installed
[34640] Microsoft Windows Knowledge Base Article 931212 update not installed .NET
[34636] Microsoft Windows Schannel code execution
[34634] Microsoft Windows Server 2003 Active Directory information disclosure
[34633] Microsoft Windows Knowledge Base Article 933566 update not installed
[34624] Microsoft Windows Knowledge Base Article 929123 update not installed
[34623] Microsoft Windows MHTML Content-Disposition information disclosure
[34622] Microsoft Windows MHTML URL redirect information disclosure
[34618] Microsoft Windows Vista ACL user credentials information disclosure
[34611] Microsoft Windows Knowledge Base Article 927051 update not installed
[34599] Microsoft Windows Server 2003 terminal server security bypass
[34444] Microsoft Windows unspecified code execution
[34032] Microsoft Windows Knowledge Base Article 935966 update not installed
[33959] Microsoft Windows Virtual DOS Machine (VDM) VdmpInitialize privilege escalation
[33916] Microsoft Windows Knowledge Base Article 934233 update not installed
[33909] Microsoft Windows Knowledge Base Article 934873 update not installed
[33902] Microsoft Windows Knowledge Base Article 934232 update not installed
[33891] Microsoft Windows Knowledge Base Article 931832 update not installed
[33667] Microsoft Windows unspecified buffer overflow
[33629] Microsoft Windows DNS Server RPC interface buffer overflow
[33473] Microsoft Windows dynamic DNS update unauthorized access
[33410] Microsoft Windows Vista LLTD Mapper host spoofing
[33409] Microsoft Windows Vista LLTD Mapper bridge spoofing
[33401] Microsoft Windows Vista LLTD Responder host spoofing
[33399] Microsoft Windows Vista LLTD Mapper denial of service
[33398] Microsoft Windows Vista Teredo address weak security
[33396] Microsoft Windows Vista Meeting Space weak security
[33395] Microsoft Windows Vista nonce spoofing
[33394] Microsoft Windows Vista Neighbor Advertisements spoofing
[33393] Microsoft Windows Vista ARP denial of service
[33301] Microsoft Windows animated cursor (ANI) buffer overflow
[33300] Microsoft Windows Vista atikmdag.sys slideshow denial of service
[33272] Microsoft Windows Vista CSRSS CsrFinalizeContext privilege escalation
[33271] Microsoft Windows Knowledge Base Article 931784 update not installed
[33270] Microsoft Windows kernel VDM mapped memory privilege escalation
[33269] Microsoft Windows Knowledge Base Article 931261 update not installed
[33268] Microsoft Windows Universal Plug and Play HTTP buffer overflow
[33267] Microsoft Windows Knowledge Base Article 932168 update not installed
[33266] Microsoft Windows Knowledge Base Article 925902 update not installed
[33264] Microsoft Windows TrueType Fonts rasterizer privilege escalation
[33263] Microsoft Windows GDI color parameter buffer overflow
[33261] Microsoft Windows GDI window size privilege escalation
[33259] Microsoft Windows GDI EMF image buffer overflow
[33258] Microsoft Windows GDI WMF image denial of service
[33257] Microsoft Windows Knowledge Base Article 931768 update not installed
[33244] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) information disclosure
[33225] Microsoft Windows Media File Format ASF multiple buffer overflows
[33167] Microsoft Windows Vista Mail Client code execution
[33118] Microsoft Windows XP winmm.dll denial of service
[33117] Microsoft Windows MFC AfxOleSetEditMenu() buffer overflow
[33086] Microsoft Windows Ndistapi.sys driver denial of service
[33037] Microsoft Windows Explorer WMF file denial of service
[32921] Microsoft Windows ole32.dll library denial of service
[32808] Microsoft Windows Shell User Logon ActiveX control shgina.dll unauthorized access
[32740] Microsoft Windows Knowledge Base Article 931906 update not installed
[32738] Microsoft Windows Knowledge Base Article 925939 update not installed
[32644] Microsoft Windows ReadDirectoryChangesW information disclosure
[32419] Microsoft Windows Knowledge Base Article 932554 update not installed
[32394] Microsoft Windows Mobile Internet Explorer WML page denial of service
[32282] Microsoft Windows Knowledge Base Article 927802 update not installed
[32280] Microsoft Windows Image Acquisition service buffer overflow
[32153] Microsoft Windows permanent password detected
[32116] Microsoft Windows administrator password no expiration set
[32111] Microsoft Windows Knowledge Base Article 928255 update not installed
[32110] Microsoft Windows Knowledge Base Article 928843 update not installed
[32109] Microsoft Windows HTML Help ActiveX control code execution
[32108] Microsoft Windows shell new hardware detection privilege escalation
[32107] Microsoft Windows Knowledge Base Article 928090 update not installed
[32104] Microsoft Windows Knowledge Base Article 929434 update not installed
[32090] Microsoft Windows Knowledge Base Article 927779 update not installed
[32071] Microsoft Windows Explorer AVI file denial of service
[32002] Microsoft Windows Mobile Pictures and Videos JPEG denial of service
[32001] Microsoft Windows Mobile Internet Explorer unspecified denial of service
[31845] Microsoft Windows user account never used
[31844] Microsoft Windows guest user account unchanged
[31843] Microsoft Windows built-in guest account enumerated
[31842] Microsoft Windows user account password unchanged
[31821] Microsoft Windows time zone update for year 2007
[31288] Microsoft Windows Knowledge Base Article 929969 update not installed
[31264] Microsoft Windows Knowledge Base Article 930178 update not installed
[31210] Microsoft Windows Knowledge Base Article 927198 update is not installed
[31199] Microsoft Windows Knowledge Base Article 921585 update is not installed
[31191] Microsoft Windows Knowledge Base Article 925938 update is not installed
[31176] Microsoft Windows CSRSS NtRaiseHardError() information disclosure
[31085] Microsoft Windows Workstation service NetrWkstaUserEnum denial of service
[31018] Microsoft Windows CSRSS MessageBox function privilege escalation
[31015] Microsoft Windows Explorer WMV file denial of service
[31014] Microsoft Windows Media Player MIDI file denial of service
[31008] Microsoft Windows XP directory weak permission
[30757] Microsoft Windows Knowledge Base Article 926121 update not installed
[30756] Microsoft Windows Remote Installation Service code execution
[30717] Microsoft Windows Print Spooler denial of service
[30610] Microsoft Windows Knowledge Base Article 926436 update not installed
[30608] Microsoft Windows Knowledge Base Article 926255 update not installed
[30607] Microsoft Windows file manifest privilege escalation
[30606] Microsoft Windows Knowledge Base Article 926247 update not installed
[30605] Microsoft Windows SNMP service buffer overflow
[30604] Microsoft Windows Knowledge Base Article 925454 update not installed
[30599] Microsoft Windows Knowledge Base Article 924667 update not installed
[30598] Microsoft Windows and Visual Studio MFC components RTF code execution
[30597] Microsoft Windows Knowledge Base Article 923723 update not installed
[30595] Microsoft Windows Knowledge Base Article 923689 update not installed
[30594] Microsoft Windows Media Player ASF processing buffer overflow
[30593] Microsoft Windows Knowledge Base Article 918118 update not installed
[30592] Microsoft Windows and Office Rich Edit components code execution
[30591] Microsoft Windows Knowledge Base Article 925674 update not installed
[30586] Microsoft Windows Media Player ASX playlist buffer overflow
[30553] Microsoft Windows Live Messenger emoticon denial of service
[30172] Microsoft Windows Knowledge Base Article 928088 update not installed
[30042] Microsoft Windows GDI kernel privilege escalation
[29954] Microsoft Windows Knowledge Base Article 923980 update not installed
[29953] Microsoft Windows Client Service for NetWare (CSNW) denial of service
[29952] Microsoft Windows Client Service for NetWare (CSNW) buffer overflow
[29950] Microsoft Windows Knowledge Base Article 920213 update is not installed
[29949] Microsoft Windows Knowledge Base Article 924270 update not installed
[29948] Microsoft Windows Workstation service NetpManageIPCConnect buffer overflow
[29943] Microsoft Windows Knowledge Base Article 923789 update not installed
[29917] Microsoft Windows XP NAT Helper ipnathlp.dll denial of service
[29546] Microsoft Windows 2000/2003 user logoff initiated
[29545] Microsoft Windows 2000/2003 system time changed
[29544] Microsoft Windows 2000/2003 system security access removed
[29543] Microsoft Windows 2000/2003 security access granted
[29542] Microsoft Windows 2000/2003 SAM notification package loaded
[29541] Microsoft Windows 2000/2003 primary security token issued
[29540] Microsoft Windows 2000/2003 user password reset successful
[29539] Microsoft Windows 2000/2003 object indirectly accessed
[29538] Microsoft Windows 2000/2003 object handle duplicated
[29537] Microsoft Windows 2000/2003 logon with explicit credentials success
[29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
[29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
[29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
[29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
[29532] Microsoft Windows 2000/2003 IKE security association established
[29531] Microsoft Windows 2000/2003 IKE quick mode association ended
[29530] Microsoft Windows 2000/2003 IKE main mode association ended
[29529] Microsoft Windows 2000/2003 IKE association negotiation failed
[29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
[29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
[29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
[29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
[29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
[29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
[29522] Microsoft Windows 2000/2003 administrative group security descriptor set
[29521] Microsoft Windows 2000/2003 account name changed
[29400] Microsoft Windows drmstor.dll denial of service
[29373] Microsoft Windows SMB rename denial of service
[29369] Microsoft Windows Knowledge Base Article 922819 update is not installed
[29253] Microsoft Windows error report transmission detected
[29243] Microsoft Windows Knowledge Base Article 924164 update is not installed
[29236] Microsoft Windows Knowledge Base Article 924163 update is not installed
[29229] Microsoft Windows Knowledge Base Article 923694 update not installed
[29227] Microsoft Outlook Express Windows Address Book (WAB) buffer overflow
[29226] Microsoft Windows Knowledge Base Article 924554 update is not installed
[29214] Microsoft Windows Knowledge Base Article 922581 update is not installed
[29211] Microsoft Windows Knowledge Base Article 924191 update is not installed
[29208] Microsoft Windows Knowledge Base Article 924496 update is not installed
[29205] Microsoft Windows Object Packager file extension spoofing code execution
[29204] Microsoft Windows Knowledge Base Article 923414 update is not installed
[29202] Microsoft Windows Knowledge Base Article 922760 update is not installed
[29201] Microsoft Windows Knowledge Base Article 923191 update is not installed
[29171] Microsoft Windows Knowledge Base Article 925486 update is not installed
[28664] Microsoft Windows Knowledge Base Article 922770 update is not installed
[28660] Microsoft Windows Knowledge Base Article 921503 update is not installed
[28659] Microsoft Windows OLE Automation code execution
[28656] Microsoft Windows Knowledge Base Article 924090 update not installed
[28652] Microsoft Windows Knowledge Base Article 920685 update is not installed
[28649] Microsoft Windows Knowledge Base Article 910729 update is not installed
[28646] Microsoft Windows Knowledge Base Article 919007 update is not installed
[28643] Microsoft Windows XP PGM buffer overflow
[28600] Microsoft Windows winhlp32 HLP file unspecified code execution
[28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
[28474] Microsoft Windows PNG IHDR block denial of service
[28281] Microsoft Windows WMF gdi32.dll denial of service
[28240] Microsoft Windows DNS client data string buffer overflow
[28183] Microsoft Windows gdiplus.dll denial of service
[28045] Microsoft Windows Knowledge Base Article 918899 update is not installed
[28028] Microsoft Windows Knowledge Base Article 922616 update is not installed
[28027] Microsoft Windows Knowledge Base Article 922968 update is not installed
[28024] Microsoft Windows Knowledge Base Article 921645 update is not installed
[28022] Microsoft Windows Knowledge Base Article 920670 update is not installed
[28020] Microsoft Windows Hyperlink Object Library (hlink.dll) buffer overflow
[28019] Microsoft Windows Knowledge Base Article 920214 update is not installed
[28018] Microsoft Windows Knowledge Base Article 921398 update is not installed
[28017] Microsoft Windows Knowledge Base Article 920958 update is not installed
[28016] Microsoft Windows kernel system inputs buffer overflow
[28015] Microsoft Windows Knowledge Base Article 920683 update is not installed
[28014] Microsoft Windows Winsock API buffer overflow
[28013] Microsoft Windows DNS client buffer overflow
[28012] Microsoft Windows Knowledge Base Article 917422 update is not installed
[28011] Microsoft Windows kernel exception handling code execution
[28009] Microsoft Windows kernel Winlogon privilege escalation
[28008] Microsoft Windows Knowledge Base Article 917008 update is not installed
[28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
[28004] Microsoft Windows Knowledge Base Article 921883 update is not installed
[28002] Microsoft Windows Server service buffer overflow
[27999] Microsoft Windows SMB malformed PIPE denial of service
[27832] Microsoft Windows ASN.1 Library HTTP NTLM buffer overflow
[27567] Microsoft Windows explorer.exe Internet Shortcut (.url) denial of service
[27562] Microsoft Windows Knowledge Base Article 915384 update is not installed
[27554] Microsoft Windows Knowledge Base Article 917284 update is not installed
[27467] Microsoft Windows Knowledge Base Article 917285 update is not installed
[27417] Microsoft Windows Live Messenger contact list denial of service
[26905] Microsoft Windows Knowledge Base Article 918547 update is not installed
[26903] Microsoft Windows Knowledge Base Article 917336 update is not installed
[26886] Microsoft Windows Knowledge Base Article 917953 update is not installed
[26884] Microsoft Windows Knowledge Base Article 917736 update is not installed
[26883] Microsoft Windows Knowledge Base Article 917537 update is not installed
[26882] Microsoft Windows Knowledge Base Article 917344 update is not installed
[26880] Microsoft Windows Knowledge Base Article 917159 update is not installed
[26876] Microsoft Windows Knowledge Base Article 916281 update is not installed
[26874] Microsoft Windows Knowledge Base Article 914389 update is not installed
[26871] Microsoft Windows Knowledge Base Article 914388 update is not installed
[26868] Microsoft Windows Knowledge Base Article 917734 update is not installed
[26867] Microsoft Windows Knowledge Base Article 911280 update is not installed
[26865] Microsoft Windows Knowledge Base Article 917283 update is not installed
[26861] Microsoft Windows Knowledge Base Article 918439 update is not installed
[26836] Microsoft Windows RPC mutual authentication spoofing
[26834] Microsoft Windows TCP/IP protocol driver buffer overflow
[26830] Microsoft Windows SMB invalid handle denial of service
[26823] Microsoft Windows DHCP Client buffer overflow
[26820] Microsoft Windows SMB Server service information disclosure
[26818] Microsoft Windows Mailslot Server driver buffer overflow
[26815] Microsoft Windows Graphics Rendering Engine (GRE) WMF code execution
[26814] Microsoft Windows RRAS RASMAN buffer overflow
[26813] Microsoft Windows Knowledge Base Article 916768 update is not installed
[26812] Microsoft Windows RRAS buffer overflow
[26809] Microsoft Windows ART image rendering library buffer overflow
[26805] Microsoft Windows JScript code execution
[26788] Microsoft Windows Media Player PNG buffer overflow
[26487] Microsoft Windows NTDLL.DLL improper DOS to NT path conversion
[26166] Microsoft Windows Knowledge Base Article 912442 update is not installed
[26161] Microsoft Windows Knowledge Base Article 916803 update is not installed
[26156] Microsoft Windows Knowledge Base Article 913580 update is not installed
[25794] Microsoft Windows Knowledge Base Article 917627 update is not installed
[25792] Microsoft Windows Knowledge Base Article 911567 update is not installed
[25629] Microsoft Windows Knowledge Base Article 912812 update is not installed
[25626] Microsoft Windows Knowledge Base Article 911562 update is not installed
[25625] Microsoft Windows Knowledge Base Article 908531 not installed
[25598] Microsoft Windows XP Firewall .exe firewall bypass
[25597] Microsoft Windows XP Firewall ADS filename:stream syntax application alert bypass
[25573] Microsoft Windows winhlp32.exe .hlp embedded image buffer overflow
[25554] Microsoft Windows Explorer COM object code execution
[25535] Microsoft Outlook Express Windows Address Book file buffer overflow
[25370] Microsoft Windows Knowledge Base Article 901190 not installed
[25369] Microsoft Windows DNS recursive query denial of service
[25366] Microsoft Windows Knowledge Base Article 905755 update is not installed
[25365] Microsoft Windows Knowledge Base Article 914798 update is not installed
[25364] Microsoft Windows Knowledge Base Article 914451 update is not installed
[25363] Microsoft Windows Knowledge Base Article 905756 update is not installed
[25361] Microsoft Windows Knowledge Base Article 905758 update is not installed
[25360] Microsoft Windows Knowledge Base Article 905754 update is not installed
[25359] Microsoft Windows Knowledge Base Article 905555 update is not installed
[25358] Microsoft Windows Knowledge Base Article 905646 update is not installed
[25357] Microsoft Windows Knowledge Base Article 905757 update is not installed
[25342] Microsoft Windows Knowledge Base Article 905553 update is not installed
[25261] Microsoft Windows Knowledge Base Article 913433 is not installed
[24586] Microsoft Windows DNS client ATMA data record buffer overflow
[24512] Microsoft Windows Knowledge Base Article 911565 update is not installed
[24511] Microsoft Windows Knowledge Base Article 911564 update is not installed
[24509] Microsoft Windows Knowledge Base Article 889167 update is not installed
[24496] Microsoft Windows Knowledge Base Article 911927 update is not installed
[24495] Microsoft Windows Knowledge Base Article 913446 update is not installed
[24494] Microsoft Windows Knowledge Base Article 910620 update is not installed
[24493] Microsoft Windows Media Player Plugin EMBED element buffer overflow
[24492] Microsoft Windows and Office Korean IME privilege elevation
[24491] Microsoft Windows MSRPC WebClient service message buffer overflow
[24489] Microsoft Windows IGMP v3 denial of service
[24488] Microsoft Windows Media Player BMP image parsing service buffer overflow
[24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
[24473] Microsoft Windows 2000 event ID 565 not logged
[24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
[24471] Microsoft Windows VDM information disclosure
[24463] Microsoft Windows XP "
[24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
[24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
[24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
[24402] Microsoft Windows 2000 Terminal Service client IP not logged
[24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
[24157] Microsoft Windows wireless ad-hoc network unauthorized access
[24044] Microsoft Windows GRE ExtCreateRegion() and ExtEscape() WMF denial of service
[23978] Microsoft Windows Knowledge Base Article 912919 update is not installed
[23926] Microsoft Windows Knowledge Base Article 908523 update is not installed
[23924] Microsoft Windows Knowledge Base Article 908519 update is not installed
[23922] Microsoft Windows embedded Open Type Web font buffer overflow
[23846] Microsoft Windows GDI32.DLL WMF image rendering code execution
[23453] Microsoft Windows COM object as ActiveX control allows execution of code
[23450] Microsoft Windows Knowledge Base Article 905915 update is not installed
[23447] Microsoft Windows APC queue list could allow elevated privileges
[23284] Microsoft Windows SynAttackProtect denial of service
[23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
[22899] Microsoft Windows Knowledge Base Article 902412 update is not installed
[22882] Microsoft Windows Knowledge Base Article 896424 update is not installed
[22877] Microsoft Windows Metafile image format buffer overflow
[22876] Microsoft Windows Metafile and Enhance Metafile buffer overflow
[22524] Microsoft Windows XP Wireless Zero Configuration service information disclosure
[22514] Microsoft Windows Knowledge Base Article 902400 update is not installed
[22512] Microsoft Windows Knowledge Base Article 907245 update is not installed
[22502] Microsoft Windows Knowledge Base Article 905749 update is not installed
[22501] Microsoft Windows Knowledge Base Article 900725 update is not installed
[22498] Microsoft Windows XP tftp.exe heap overflow
[22495] Microsoft Windows Collaboration Data Objects buffer overflow
[22492] Microsoft Windows Knowledge Base Article 904706 update is not installed
[22481] Microsoft Windows MSRPC Plug and Play buffer overflow
[22480] Microsoft Windows DirectShow .AVI file code execution
[22479] Microsoft Windows HTML in preview fields execute code
[22478] Microsoft Windows .lnk properties execute code
[22477] Microsoft Windows .lnk file execute code
[22476] Microsoft Windows Distributed Transaction Coordinator message denial of service
[22475] Microsoft Windows Distributed Transaction Coordinator TIP denial of service
[22473] Microsoft Windows COM code execution
[22204] Microsoft Windows keybd_event or SendKeys allows elevated privileges
[22156] Microsoft Windows Knowledge Base Article 899589 update is not installed
[22089] Microsoft Windows Registry Editor Utility concealment
[21980] Microsoft Windows Registry Editor Utility concealment
[21978] Microsoft Windows user32.dll component denial of service
[21954] Microsoft Windows Remote Desktop Protocol mstlsapi.dll Man-in-the-Middle
[21931] Microsoft Windows XP memory leak
[21895] Microsoft Windows Msdds.dll object command execution
[21704] Microsoft Windows Knowledge Base Article 896727 update is not installed
[21700] Microsoft Windows Client Service for NetWare code execution
[21626] Microsoft Windows PKINIT protocol obtain information
[21625] Microsoft Windows kerberos message denial of service
[21605] Microsoft Windows Knowledge Base Article 896423 update is not installed
[21604] Microsoft Windows print spooler buffer overflow
[21603] Microsoft Windows Knowledge Base Article 899588 update is not installed
[21602] Microsoft Windows Plug and Play buffer overflow
[21601] Microsoft Windows Knowledge Base Article 899591 update is not installed
[21600] Microsoft Windows Knowledge Base Article 893756 update is not installed
[21599] Microsoft Windows telephony service buffer overflow
[21539] Microsoft Windows USB device driver buffer overflow
[21407] Microsoft Windows RDP request denial of service
[21355] Microsoft Windows Network Connection Manager denial of service
[21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
[21272] Microsoft Windows Knowledge Base Article 903672 update is not installed
[21269] Microsoft Windows Knowledge Base Article 901214 update is not installed
[21221] Microsoft Windows Color Management Module buffer overflow
[21214] Microsoft Windows NTFS allows attacker to obtain information
[20829] Microsoft Windows Step-by-Step Interactive Training bookmark link file buffer overflow
[20826] Microsoft Windows Knowledge Base Article 896422 update is not installed
[20825] Microsoft Windows Knowledge Base Article 896358 update is not installed
[20823] Microsoft Windows Knowledge Base Article 890169 update is not installed
[20822] Microsoft Windows Knowledge Base Article 883939 update is not installed
[20821] Microsoft Windows compiled Help (.CHM) integer overflow
[20820] Microsoft Windows Knowledge Base Article 896426 update is not installed
[20818] Microsoft Windows WebClient Service buffer overflow
[20815] Microsoft Windows SMB process gain access
[20629] Multiple Microsoft Windows IPv6 LAND denial of service
[20546] Microsoft Windows Media Player allows creation of malicious media files
[20382] Microsoft Windows Knowledge Base Article 894320 update is not installed
[20380] Microsoft Windows Web View command execution
[20318] Microsoft Windows Knowledge Base Article 893086 update is not installed
[20317] Microsoft Windows Knowledge Base Article 890923 update is not installed
[20000] Microsoft Windows Knowledge Base Article 892944 update is not installed
[19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
[19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
[19843] Microsoft Windows Knowledge Base Article 894549 update is not installed
[19836] Microsoft Windows CSRSS gain control
[19835] Microsoft Windows HTML Application Host command execution
[19834] Microsoft Windows object buffer overflow
[19832] Microsoft Windows access requests gain privileges
[19830] Microsoft Windows font buffer overflow
[19829] Microsoft Windows Message Queuing component buffer overflow
[19819] Microsoft Windows Remote Desktop "
[19727] Microsoft Windows 2000 GDI32.DLL denial of service
[19593] Microsoft Windows LAND denial of service
[19288] IBM DB2 running on Microsoft Windows obtain information
[19270] Microsoft Windows PNG image buffer overflow
[19220] Microsoft Windows registry key connection denial of service
[19110] Microsoft Windows Hyperlink Object Library code execution
[19109] Microsoft Windows OLE code execution
[19105] Microsoft Windows COM files gain privileges
[19103] Multiple Microsoft Windows TCP/IP denial of service
[19101] Microsoft Windows Servers License Logging service code execution
[19096] Microsoft Windows Media Player PNG buffer overflow
[19093] Microsoft Windows named pipe information disclosure
[19091] Microsoft Windows SharePoint Services and SharePoint Team Services cross-site scripting
[19089] Microsoft Windows SMB code execution
[18879] Microsoft Windows USER32.DLL ANI header overflow
[18768] Microsoft Windows Knowledge Base Article 891711 update is not installed
[18766] Microsoft Windows Knowledge Base Article 871250 update is not installed
[18758] Microsoft Windows Indexing Service allows code execution
[18678] Microsoft Windows winhlp32.exe buffer overflow
[18668] Microsoft Windows LoadImage API buffer overflow
[18667] Microsoft Windows ANI file zero rate number overflow denial of service
[18587] Microsoft Windows Media Player ActiveX object reveals existence of files
[18576] Microsoft Windows Media Player mp3 code execution
[18507] Microsoft Windows XP SP2 subnet option allows access to firewall exceptions
[18394] Microsoft Windows Knowledge Base Article 870763 update is not installed
[18393] Microsoft Windows Knowledge Base Article 873339 update is not installed
[18392] Microsoft Windows Knowledge Base Article 885249 update is not installed
[18391] Microsoft Windows Knowledge Base Article 885835 update is not installed
[18390] Microsoft Windows Knowledge Base Article 885836 update is not installed
[18378] Microsoft Windows Icon image anomaly detected
[18342] Microsoft Windows NT DHCP HardwareAddress code execution
[18341] Microsoft Windows NT DHCP MachineName denial of service
[18340] Microsoft Windows LSASS gain privileges
[18339] Microsoft Windows kernel LPC interface gain privileges
[18338] Microsoft Windows Word for Windows 6.0 Converter font code execution
[18337] Microsoft Windows Word for Windows 6.0 Converter table code execution
[18336] Microsoft Windows HyperTerminal session file buffer overflow
[18314] Microsoft Windows Knowledge Base Article 889293 update is not installed
[18208] Microsoft Windows logon screen saver allows elevated privileges
[17864] Microsoft Windows XP Explorer WAV file denial of service
[17711] Microsoft Windows XP SP2 sessmgr.exe firewall bypass
[17663] Microsoft Windows MS04-029 patch is not installed
[17662] Microsoft Windows MS04-037 patch is not installed
[17661] Microsoft Windows MS04-036 patch is not installed
[17660] Microsoft Windows MS04-035 patch is not installed
[17659] Microsoft Windows MS04-034 patch is not installed
[17658] Microsoft Windows MS04-032 patch is not installed
[17657] Microsoft Windows NetDDE MS04-031 patch is not installed
[17646] Microsoft Windows RPC Runtime Library obtain information
[17641] Microsoft Windows NNTP buffer overflow
[17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
[17621] Microsoft Windows 2003 SMTP service code execution
[17560] Microsoft Windows 2000 and XP GDI library denial of service
[17521] Microsoft Windows 2000 Service Pack 4 is not installed
[17458] Microsoft Windows CE KDataStruct information disclosure
[17457] Microsoft Windows XP Explorer.exe TIFF denial of service
[17455] Microsoft Windows XP information disclosure
[17412] IBM with Microsoft Windows XP Professional has default administrator account
[17341] Microsoft Windows MS04-028 patch is not installed
[17052] Microsoft Windows XP and Internet Explorer displays improper file icon
[17051] Microsoft Windows XP Content-Location bypass Local Computer zone restrictions
[17023] Microsoft Windows XP Windows Explorer bypass Zone Identifier (ZoneID) feature
[17009] Microsoft Windows XP ICF bypass filter
[17004] Microsoft Windows XP Service Pack 2 is not installed on the system
[16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
[16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
[16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
[16907] Microsoft Windows 2003 users with Create global objects privilege
[16905] Microsoft Windows 2003 users or groups with Create global objects privilege
[16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
[16704] Microsoft Windows 2000 Media Player control code execution
[16664] Microsoft Windows Program Group Converter buffer overflow
[16627] Microsoft Windows System32 write file to the directory has been detected
[16597] Microsoft Windows Windows Shell allows code execution
[16592] Microsoft Windows Utility Manager gain privileges
[16591] Microsoft Windows Task Scheduler buffer overflow
[16590] Microsoft Windows POSIX buffer overflow allows local attacker to gain privileges
[16587] Microsoft Windows Network Dynamic Data Exchange Running
[16586] Microsoft Windows HTML Help could allow execution of code
[16582] Microsoft Windows Server 2003 kernel CPU denial of service
[16581] Microsoft Windows Enhanced Metafile (EMF) buffer overflow
[16580] Microsoft Windows Virtual DOS Machine (VDM) allows elevated privileges
[16579] Microsoft Windows Window Management API allows elevated privileges
[16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
[16570] Microsoft Windows 2003 Users with Create global objects privilege
[16564] Microsoft Windows 2003 Groups with Create global objects privilege
[16562] Microsoft Windows 2003 Groups with "
[16556] Microsoft Windows NetDDE buffer overflow
[16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
[16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
[16520] Microsoft Windows 2003 Create global objects privilege
[16362] Microsoft Windows XP Help Center and Support starts automatically
[16304] Microsoft Windows JPEG buffer overflow
[16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
[16270] Microsoft Windows IPSec filter bypass
[16213] Microsoft Windows Local Security Authority buffer overflow exploit attempt detected
[16211] Microsoft Windows Service Host buffer overflow exploit attempt detected
[16210] Microsoft Windows Service Host buffer overflow exploit attempt detected
[16208] Microsoft Windows RPC Locator Service buffer overflow exploit attempt detected
[16207] Microsoft Windows kernel buffer overflow exploit attempt detected
[16206] Microsoft Windows Command Shell buffer overflow exploit attempt detected
[16171] Microsoft Windows XP Explorer code execution
[16154] Microsoft Windows NT 4.0 TSE Security Patch denial of service
[16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
[15956] Microsoft Windows long file share name buffer overflow
[15818] Microsoft Windows MS04-011 patch is not installed
[15813] Microsoft Windows MS04-014 patch is not installed
[15811] Microsoft Windows MS04-012 patch is not installed
[15715] Microsoft Windows Negotiate Security Software Provider buffer overflow
[15714] Microsoft Windows Virtual DOS Machine allows elevated privileges
[15713] Microsoft Windows ASN.1 double-free
[15711] Microsoft Windows object identifier could be used to open network ports
[15710] Microsoft Windows H.323 buffer overflow
[15709] Microsoft Windows COM Internet Service and RPC over HTTP denial of service
[15708] Microsoft Windows RPCSS Service RPC message can cause denial of service
[15707] Microsoft Windows Local Descriptor Table allows privilege escalation
[15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
[15702] Microsoft Windows winlogon buffer overflow
[15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
[15699] Microsoft Windows LSASS buffer overflow
[15678] Microsoft Windows XP task creation allows privilege escalation
[15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
[15589] Microsoft Windows allows elevated privileges
[15507] Microsoft Windows XP Explorer wmf denial of service
[15461] Microsoft Windows MS04-008 patch is not installed
[15394] Microsoft Windows service running under non-built-in accounts has been detected
[15284] Microsoft Windows XP Windows shell shimgvw.dll buffer overflow
[15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
[15256] Microsoft Windows ASN.1 buffer overflow packet using NTLM has been detected
[15255] Microsoft Windows ASN.1 buffer overflow packet using SMTP has been detected
[15223] Microsoft Windows access violation or exception code has been detected
[15218] Microsoft Windows command shell backdoor
[15101] Microsoft Windows XP helpctr.exe cross-site scripting
[15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
[15039] Microsoft Windows ASN.1 Library buffer overflow
[15038] Microsoft Windows 2000 Server Windows Media Services denial of service
[15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
[14924] Microsoft Windows XP folder containing HTML code and executable file code execution
[13786] Microsoft Windows MS03-051 patch is not installed
[13785] Microsoft Windows MS03-048 patch is not installed
[13784] Microsoft Windows MS03-050 patch is not installed
[13639] Microsoft Windows Workstation buffer overflow
[13638] Microsoft Windows MS03-049 patch is not installed
[13558] Microsoft Windows XP CommCtl32.dll could allow an attacker to execute code
[13509] Microsoft Windows HTML Help could allow an attacker to gain privileges
[13482] Microsoft Windows MS03-047 patch is not installed
[13480] Microsoft Windows MS03-046 patch is not installed
[13478] Microsoft Windows MS03-044 patch is not installed
[13473] Microsoft Windows MS03-045 patch is not installed
[13472] Microsoft Windows MS03-042 patch is not installed
[13471] Microsoft Windows MS03-041 patch is not installed
[13444] Microsoft Windows Non-English patched with MS03-045 denial of service in Sophos Anti-Virus
[13426] Microsoft Windows 2000 and XP RPC race condition
[13424] Microsoft Windows User32.dll ListBox and ComboBox controls buffer overflow
[13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
[13422] Microsoft Windows Authenticode could allow an attacker to execute code
[13420] Microsoft Windows HSC HCP protocol file buffer overflow
[13413] Microsoft Windows Messenger Service popup buffer overflow
[13412] Microsoft Windows MS03-043 patch is not installed
[13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
[13385] Microsoft Windows Server 2003 "
[13375] Microsoft Windows Media Player Dynamic HTML behaviors allows an attacker to execute code
[13364] Microsoft Windows MS03-040 patch is not installed
[13344] Microsoft Windows 98 flood of fragmented UDP packets causes denial of service
[13342] Microsoft Windows PostThreadMessage API allows processes to be terminated without permission
[13211] Microsoft Windows 2000 and XP URG memory leak
[13183] Microsoft Windows service pack detected
[13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
[13134] Microsoft Windows MS03-039 patch is not installed
[13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
[13129] Microsoft Windows RPCSS DCOM buffer overflows
[13105] Microsoft Windows Update fails to notify users of updates when host-blocking is used
[13095] Microsoft Windows auto update is disabled
[13089] Microsoft Windows NetBIOS Name Service information disclosure
[12903] Microsoft Windows command shell banner
[12835] Microsoft Windows Pocket PC could allow an attacker to gain access
[12762] Microsoft Windows NT 4.0 Q823803i patch RRAS denial of service
[12747] Microsoft Windows RPC DCOM interface buffer overflow detected
[12724] Microsoft Windows Media Player ASF file could allow code execution
[12701] Microsoft Windows NT 4.0 Server file management function denial of service
[12679] Microsoft Windows RPC DCOM denial of service
[12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
[12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
[12544] Microsoft Windows Servers SMB packet buffer overflow
[12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
[12533] Microsoft Windows MS03-010 patch is not installed
[12521] Microsoft Windows Rundll32.exe overly long routine name buffer overflow
[12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
[12489] Microsoft Windows 2000 Server Active Directory buffer overflow
[12442] Microsoft Windows XP SP1 Windows shell desktop.ini buffer overflow
[12440] Microsoft Windows Media Player ActiveX control could disclose sensitive information
[12187] Microsoft Windows XP gethostbyaddr() denial of service
[12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
[12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
[12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
[11953] Microsoft Windows Media Player skin downloading could allow an attacker to execute code
[11824] Microsoft Windows XP Service Control Manager (SCM) race condition
[11822] Microsoft Windows regedit.exe command execution
[11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
[11810] Microsoft Windows win2k.sys EngTextOut denial of service
[11803] Microsoft Windows kernel LpcRequestWaitReplyPort() buffer overflow
[11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
[11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
[11575] Microsoft Windows Script Engine buffer overflow
[11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
[11536] Microsoft Windows PostMessage() API function could disclose password
[11505] Microsoft Windows XP Safe Mode bypass
[11425] Microsoft Windows Me HSC hcp:// buffer overflow
[11344] Microsoft Windows riched20.dll attribute label buffer overflow
[11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
[11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
[11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
[11260] Microsoft Windows XP Windows Redirector buffer overflow
[11216] Microsoft Windows NT and 2000 command prompt denial of service
[11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
[11132] Microsoft Windows Locator service buffer overflow
[11030] Microsoft Windows OpenType font (.otf) fontview denial of service
[10958] Microsoft Windows File Protection certificate chains with a trusted root CA are accepted
[10957] Microsoft Windows File Protection fails to remove old security catalog .CAT files
[10892] Microsoft Windows XP Shell media file buffer overflow
[10843] Microsoft Windows 2000 and XP SMB signing group policy modification
[10764] Microsoft Windows XP wireless LAN feature could leak information
[10736] Microsoft Windows XP Fast User Switching could disclose user processes
[10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
[10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
[10398] Microsoft Windows Media Player world-writable executables
[10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
[10343] Microsoft Windows NetDDE Agent can be used to gain elevated privileges
[10279] Microsoft Windows XP "
[10254] Microsoft Windows compiled HTML Help (.chm) files could be used to execute code
[10253] Microsoft Windows HTML Help ActiveX buffer overflow
[10252] Microsoft Windows zipped file decompression incorrect target path
[10251] Microsoft Windows zipped file decompression buffer overflow
[10215] Microsoft Windows Scripting Host is running on the system
[10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
[10132] Microsoft Windows fails to properly check execute permissions for 16-bit executable files
[10122] Microsoft Windows Remote Desktop Protocol could allow an attacker to monitor keystrokes
[10121] Microsoft Windows Remote Desktop Protocol checksum information leak
[10120] Microsoft Windows XP Remote Desktop malformed PDU Confirm Active packet denial of service
[9982] Microsoft Windows Certificate Enrollment Control ActiveX control could be used to delete digital certificates
[9971] Microsoft Windows Media Player .wmf file extension or content type spoofing
[9953] Microsoft Windows Media Player WMD code execution
[9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
[9933] Microsoft Windows NT/2000/XP SMB packet request buffer overflow
[9878] Microsoft Windows XP Help and Support Center HCP:// URL could be used to delete files
[9869] Microsoft Windows NTFS hard links could bypass event auditing logs
[9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
[9779] Microsoft Windows 2000 weak system partition permissions
[9752] Microsoft Windows 2000 Service Pack 3 is not installed
[9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
[9727] Microsoft Windows Media Player mplay32 long file name buffer overflow
[9625] Microsoft Windows 2000 Narrator allows login information to be audible
[9422] Microsoft Windows Media Player Active Playlist could allow local HTML script execution
[9421] Microsoft Windows Media Player WMDM service invalid resource connection could allow elevated privileges
[9420] Microsoft Windows Media Player cache path disclosure could allow remote execution of code
[8918] Microsoft Windows XP Remote Desktop Access is enabled
[8915] Microsoft Windows XP Internet Configuration Firewall is disabled
[8892] Microsoft Windows XP "
[8891] Microsoft Windows XP option to digitally sign server communications disabled
[8890] Microsoft Windows XP option to digitally sign client communications when server agrees disabled
[8889] Microsoft Windows XP option to digitally sign server communications when client agrees disabled
[8888] Microsoft Windows XP security option to digitally sign client communications disabled
[8882] Microsoft Windows XP Session security for NTLM SSP based servers is below minimum
[8880] Microsoft Windows XP Session security for NTLM SSP based clients is below minimum
[8867] Microsoft Windows 2000 LanMan denial of service
[8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
[8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
[8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
[8739] Microsoft Windows 2000 DCOM memory leak
[8728] Microsoft Windows Registry remote write audit
[8727] Microsoft Windows Registry remote access audit
[8621] Microsoft Internet Explorer on Windows Me fails to prompt user when a cookie is stored if set using JavaScript
[8604] Microsoft Outlook allows an attacker to execute JavaScript code by using IFRAME tags to reference malicious Windows Media Player file
[8559] Microsoft Windows registry security SAM read
[8512] Microsoft Windows NT security ID lookup
[8509] Microsoft Windows startup folder access
[8462] Microsoft Windows NT/2000 debugging subsystem allows attacker to create duplicate handles
[8402] Microsoft Windows 2000 allows an attacker to bypass password policy
[8388] Microsoft Windows NT Server with IIS 4.0 could allow users to bypass "
[8384] Microsoft Windows Shell buffer overflow can occur when an application has been improperly removed
[8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
[8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
[8231] Microsoft Windows NT SNMP OID decoding memory leak
[8209] Microsoft Windows XP CIFS port denial of service
[8207] Microsoft Windows XP UDP port denial of service
[8199] Microsoft Windows 2000 Terminal Services unlocked client
[8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
[8077] Microsoft Windows Messenger and/or MSN Messenger is present on the system
[8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
[8037] Microsoft Windows 2000 empty TCP packet denial of service
[8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
[8000] Microsoft Windows XP "
[7922] Microsoft Windows XP Pro Upgrade installation causes security patches for Internet Explorer to be rolled back
[7892] Microsoft Windows 95 Backup long file extension buffer overflow
[7800] Microsoft Internet Explorer Windows Media Player ActiveX could allow an attacker to determine the existence of files or directories
[7732] Microsoft Windows XP Remote Desktop sends username in plain text
[7731] Microsoft Windows XP fast user switching could lockout users except administrator
[7722] Microsoft Windows XP, Me, 98, and 98SE UPnP spoofed UDP packet with SSDP announcement denial of service attack
[7721] Microsoft Windows XP, Me, 98, and 98SE UPnP malformed NOTIFY directive buffer overflow
[7713] Microsoft Windows XP allows attacker to execute programs using hotkeys without authentication
[7709] Microsoft Windows multiple vendor Web browser high image count denial of service
[7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
[7605] Microsoft Windows XP helpctr.exe buffer overflow
[7542] Microsoft Windows 95 and 98 with multiple TCP/IP stacks ICMP packet denial of service
[7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
[7533] Microsoft Windows 2000 RunAs service denial of service
[7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
[7531] Microsoft Windows 2000 RunAs service reveals sensitive information
[7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
[7428] Microsoft Windows Me and XP UPnP denial of service
[7422] Microsoft Windows NT RSHSVC does not properly validate users
[7421] Microsoft Windows NT GetThreadContext/SetThreadContext denial of service
[7409] Microsoft Windows 2000 and Windows XP GDI denial of service
[7405] Microsoft Windows NT NonPagedPool denial of service
[7403] Microsoft Windows NT Win32k.sys denial of service
[7402] Microsoft Windows NT kernel mode handle-closing denial of service
[7401] Microsoft Windows NT group policies not applied if long DC name
[7400] Microsoft Windows NT user policies not updated
[7398] Microsoft Windows NT symbolic link case elevation of privileges
[7391] Microsoft Windows NT strong passwords may allow parts of the full name
[7369] Microsoft Windows CSRSS.EXE denial of service
[7329] Microsoft Windows NT WINS malformed packet flood denial of service
[7318] Microsoft Windows ME SSDP service denial of service
[7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
[7231] Microsoft Windows 95 using NetWare remote administration contains hidden share
[7224] Microsoft Windows NT smbmount request from Linux client denial of service
[7125] Microsoft Windows NT Index Server "
[7107] Microsoft Windows NT Xenroll denial of service
[7105] Microsoft Windows RPC endpoint mapper malformed request denial of service
[7008] Microsoft Windows 2000 IrDA device denial of service
[6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
[6962] Microsoft Windows Media Player .ASF marker buffer overflow
[6943] Microsoft Windows NT NT4ALL denial of service
[6931] Microsoft Windows 2000 without Service Pack 2
[6924] Microsoft Windows 98 ARP packet flooding denial of service
[6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
[6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
[6907] Microsoft Windows Media Player .NSC buffer overflow
[6876] Microsoft Windows 2000 could allow an attacker to change network passwords
[6874] Microsoft Windows 95/98 invalid path in registry could allow malicious file execution
[6803] Microsoft Windows 2000 SMTP service allows mail relaying
[6745] Microsoft Windows 2000 LDAP function could allow domain user password change
[6669] Microsoft Windows 2000 Telnet system call denial of service
[6668] Microsoft Windows 2000 Telnet handle leak denial of service
[6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
[6666] Microsoft Windows 2000 Telnet username denial of service
[6665] Microsoft Windows 2000 Telnet service weak domain authentication
[6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
[6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
[6584] Microsoft Windows Media Player HTML code hidden in Internet shortcuts
[6518] Microsoft Windows Index Server could allow attackers to view files on the Web server
[6517] Microsoft Windows NT Index Server "
[6506] Microsoft Windows 2000 Server Kerberos denial of service
[6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
[6441] Microsoft Windows NT drivers DbgPrint function format string
[6294] Microsoft Windows Me and Plus! 98 recovery of Compressed Folder passwords
[6275] Microsoft Windows user.dmp file insecure permissions
[6227] Microsoft Windows Media Player allows remote attackers to execute commands in Internet Explorer
[6160] Microsoft Windows 2000 event viewer buffer overflow
[6136] Microsoft Windows 2000 domain controller denial of service
[6103] Microsoft Windows NT PPTP denial of service
[6070] Microsoft Windows UDP socket denial of service
[6062] Microsoft Windows DDE allows privilege elevation
[6035] Microsoft Windows 2000 Server RDP denial of service
[6006] Microsoft Windows NT mutex denial of service
[5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
[5937] Microsoft Windows Media Player skins can be used to execute arbitrary code
[5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
[5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
[5746] Microsoft Windows NT MSTask.exe denial of service
[5673] Microsoft Windows NT MTS registry permissions
[5672] Microsoft Windows NT SNMP registry permissions
[5671] Microsoft Windows NT RAS registry permissions
[5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
[5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
[5585] Microsoft Windows 2000 brute force attack
[5573] Microsoft Windows NT SynAttackProtect denial of service
[5502] Microsoft Windows 2000 Indexing Services ixsso.query
[5489] Microsoft Windows NT Terminal Server GINA RegAPI.DLL buffer overflow
[5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
[5417] Microsoft Windows NT MSIEXEC service uses the msi.dll registery key that has weak permissions
[5411] Microsoft Windows File Share service denial of service
[5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
[5395] Microsoft Windows 9x share level password
[5387] Microsoft Windows HyperTerminal Telnet buffer overflow
[5370] Microsoft Windows 9x NetBIOS invalid driver type denial of service
[5357] Microsoft Windows 9x malformed NWLink NMPI packet denial of service
[5315] Microsoft Windows NT invalid LPC request
[5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
[5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
[5222] Microsoft Windows 2000 malformed RPC packet denial of service
[5203] Microsoft Windows 2000 still image service
[5193] Microsoft Windows Media Services Unicast Service denial of service
[5171] Microsoft Windows 2000 Local Security Policy corruption
[5168] Microsoft Windows NetBIOS cache corruption
[5097] Microsoft Windows folder.htt allows execution of active scripting without approval
[5079] Microsoft Windows 95/98 malformed IPX ping packet denial of service
[5040] Microsoft Windows NT/2000 explorer.exe uses relative path name in registry
[5035] Microsoft Windows NT/2000 NetBIOS Name Server spoofed name conflict
[5033] Microsoft Windows 2000 without Service Pack 1
[5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
[5015] Microsoft Windows NT and 2000 executable path
[4887] Microsoft Windows 2000 Kerberos ticket renewed
[4886] Microsoft Windows 2000 logon session reconnected
[4885] Microsoft Windows 2000 logon session disconnected
[4882] Microsoft Windows 2000 Kerberos pre-authentication failed
[4873] Microsoft Windows 2000 user account mapped for logon
[4872] Microsoft Windows 2000 account logon failed
[4871] Microsoft Windows 2000 account used for logon
[4855] Microsoft Windows 2000 group type change
[4828] Microsoft Windows 95/98 ARP spoofing
[4823] Microsoft Windows 2000 Telnet server binary stream denial of service
[4819] Microsoft Windows 2000 default SYSKEY configuration
[4787] Microsoft Windows 2000 user account locked out
[4786] Microsoft Windows 2000 computer account created
[4785] Microsoft Windows 2000 computer account changed
[4784] Microsoft Windows 2000 computer account deleted
[4714] Microsoft Windows 2000 "
[4702] Microsoft Windows event log full
[4700] Microsoft Windows computer password not found in local security database
[4698] Microsoft Windows EventLog service started
[4688] Microsoft Windows Network Monitor driver started
[4673] Microsoft Windows resources for queuing of audit messages have been exhausted
[4671] Microsoft Windows event log file cannot be opened
[4670] Microsoft Windows event log file corrupted
[4648] Microsoft Windows NT malformed remote registry request denial of service
[4608] Microsoft Windows NT computer account creation can compromise User Session Key
[4600] Microsoft Windows NT denial of service caused by unacknowledged SMB requests
[4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
[4585] Microsoft Windows Encoder denial of service
[4552] Microsoft Windows Browser service can be shutdown by an unauthorized remote user
[4547] Microsoft Windows Master Browser browse table can be filled with bogus entries
[4517] Microsoft Windows NT user account locked out
[4516] Microsoft Windows NT user account enabled
[4515] Microsoft Windows NT user account disabled
[4337] Microsoft Windows NT/2000 cmd.exe buffer overflow
[4332] Microsoft Windows NT registry permissions could allow compromise of cryptographic keys
[4278] Microsoft Windows 2000 unattended install does not secure All Users profile
[4247] Microsoft Windows 95/98 printer sharing allows read access
[4221] Microsoft Windows NT drive mapping allows local users to execute arbitrary code
[4203] Microsoft Windows TCP/IP Printing Service denial of service
[4141] Microsoft Windows can be configured to transmit unencrypted passwords to SMB server
[4140] Microsoft Windows Telnet service authentication may expose user passwords
[4138] Microsoft Windows 2000 system file integrity feature is disabled
[4111] Microsoft Windows NT 4.0 registry permissions
[4108] Microsoft Windows Media Technologies malformed license request denial of service
[4107] Microsoft Windows path names containing DOS devices denial of service
[4086] Microsoft Windows 2000 may not start Jaz drives correctly
[4085] Microsoft Windows 2000 non-Gregorial calendar error
[4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
[4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
[4082] Microsoft Windows 2000 and Iomega parallel port drives display error
[4081] Microsoft Windows invalid image error when using OLE libraries
[4080] Microsoft Windows 2000 AOL image support
[4079] Microsoft Windows 2000 High Encryption Pack
[4034] Microsoft Windows Media Services handshake packets denial of service
[4016] Microsoft Windows NT Recycle Bin could allow an unauthorized user to modify deleted files
[3993] Microsoft Windows Trin00 Distributed Denial of Service (DDoS) tool found
[3909] Microsoft Windows 9x share is writable
[3906] Microsoft Windows NT share is readable
[3694] Microsoft Windows NT malformed resource enumeration denial of service
[3574] Microsoft Windows 9x cache could reveal plaintext password
[3534] Microsoft Windows NT 4.0 without Service Pack 6
[3373] Microsoft Windows NT user shell folders could allow users to gain administrator privileges
[3328] Microsoft Windows ARP packet denial of service
[3251] Microsoft Windows allows source routing when configured to reject source routed packets
[3248] Microsoft Windows NT RASMAN pathname
[3226] Microsoft Windows NT 4.0 unattended installation could expose sensitive information to local users
[3168] Microsoft Windows NT SP4-SP6 TCP sequence numbers are predictable
[3129] Microsoft Windows Telnet.exe remote buffer overflow
[3109] Microsoft Windows NT Phone Dialer utility contains a locally exploitable buffer overflow
[3106] Microsoft Windows NT DNS server can be remotely crashed by sending a response to a non-existant request
[3104] Microsoft Windows NT TSE denial of service can consume all available memory
[2750] Microsoft Windows started/stopped
[2677] Microsoft Windows NT old operating system
[2549] Microsoft Windows NT install date changed
[2336] Microsoft Windows NT login default folder allows a user to bypass policies
[2313] Microsoft Windows NT can be crashed by executables containing malformed image headers
[2299] Microsoft Windows NT CSRSS denial of service
[2291] Microsoft Windows NT Local Security Authority (LSA) can be remotely crashed, requiring a system reboot
[2243] Microsoft Windows NT RAS/RRAS clients cache passwords regardless of setting
[2201] Microsoft Windows NT 4.0 without Service Pack 5
[2200] Microsoft Windows NT RAS client contains an exploitable buffer overflow
[2190] Microsoft Windows NT 4.0 help file utility contains a locally exploitable buffer overflow
[2141] Microsoft SQL Server can be configured to use the Windows NT account SQLExecCmdExe when running xp_cmdshell for non-sa logins
[2129] Microsoft SQL Server should use limited Windows NT protocols to make attacks more difficult
[2102] Microsoft Windows NT allows files to exceed the supposed maximum length
[1977] Microsoft Windows NT RPC services can be used to deplete system resources
[1976] Microsoft Windows NT gina flaw allows locked-out users to log in
[1975] Microsoft Windows NT gina allows some clipboard text to be revealed
[1974] Microsoft Windows NT SNMP agent memory leak
[1947] Microsoft Windows NT/9x can be frozen with redirect packets
[1946] Microsoft Windows NT screen saver can be used to compromise administrator privileges
[1820] Microsoft Windows NT 4.0 domain caching feature can be exploited to gain administrator privileges
[1771] Microsoft Windows 95/98 configurations may lead to excessive bandwidth consumption
[1758] Microsoft SQL Server extended stored procedure, xp_cmdshell, can be used to gain Windows NT administrator rights
[1719] Microsoft Windows NT 4.0 SP4 could allow null passwords to be used for access
[1566] Microsoft Windows NT user account deleted
[1556] Microsoft Windows NT user account created
[1394] Microsoft Windows NT 4.0 without Service Pack 4
[1372] Microsoft Windows NT snork attack can disable system
[1321] Microsoft Windows Interactive_Guest_Logon
[1320] Microsoft Windows legal notice display not enabled
[1319] Microsoft Windows local user on workstation
[1315] Microsoft Windows network Guest logon
[1314] Microsoft Windows NT user has never logged on
[1312] Microsoft Windows NT null session user modals
[1296] Microsoft Windows service user
[1295] Microsoft Windows NT service user password found
[1291] Microsoft Windows shutdown without logon enabled
[1288] Microsoft Windows NT system key encryption not enabled
[1286] Microsoft Windows NT TCP/IP security not enabled
[1285] Microsoft Windows trojan key permissions
[1284] Microsoft Windows NT trusted domain
[1075] Microsoft Windows file-sharing access error
[981] Microsoft Windows WINS exploit using SNMP
[710] Microsoft Windows NT portbind issue
[679] Microsoft Windows null session
[539] Microsoft Windows 95 and Internet Explorer password disclosure
[538] Microsoft Windows NT Winpopup DoS attack
[536] Microsoft Windows NT discloses system information
[535] Microsoft Windows NT sometimes does not kill all processes when logging out
[534] Microsoft Windows 95 stores many passwords in plain text in the registry
[530] Microsoft Windows NT RAS service packet filtering rules can be bypassed
[529] Microsoft Windows NT case problems can lead to admin access
[528] Microsoft Windows NT fragmentation attack
[526] Microsoft Windows NT path is insecure and can be easily trojaned
[342] Microsoft Windows NT SMB logon denial of service
[283] Microsoft Windows account password guessed
[186] Microsoft Windows NT DNS denial of service
[172] Microsoft Windows NT Post-SP2 security patches missing
[168] Microsoft Windows key with incorrect permissions
[140] Microsoft Windows telnet service installed
[138] Microsoft Windows system log accessible
[121] Microsoft Windows NT security log accessible
[120] Microsoft Windows schedule service running
[114] Microsoft Windows NT rsh service Running
[102] Microsoft Windows NT rexec service running
[99] Microsoft Windows registry can be opened remotely
[98] Microsoft Windows NT rcmd service running
[92] Microsoft Windows NT rlogin service installed
[66] Microsoft Windows NT kernel outdated
[17] Microsoft Windows NT RPC locator denial of service
[16] Microsoft Windows Remote Access Service
[14] Microsoft Windows NT 4.0 without Service Pack 3
[13] Microsoft Windows Network Monitor insecure password
[11] Microsoft Windows NT 4.0 beta
[86263] National Instruments LabWindows/CVI unspecified
[86261] ABB DataManager National Instruments LabWindows/CVI, LabVIEW unspecified
[86088] Microsoft Internet Explorer CVE-2013-3199 code execution
[86087] Microsoft Internet Explorer CVE-2013-3194 code execution
[86086] Microsoft Internet Explorer CVE-2013-3193 code execution
[86085] Microsoft Internet Explorer CVE-2013-3191 code execution
[86084] Microsoft Internet Explorer CVE-2013-3190 code execution
[86083] Microsoft Internet Explorer CVE-2013-3189 code execution
[86082] Microsoft Internet Explorer CVE-2013-3188 code execution
[86081] Microsoft Internet Explorer CVE-2013-3187 code execution
[86080] Microsoft Internet Explorer CVE-2013-3184 code execution
[86079] Microsoft Internet Explorer EUC-JP information disclosure
[86078] Microsoft Internet Explorer integrity level privilege escalation
[85802] Microsoft PowerPoint denial of service
[85762] Microsoft Internet Explorer sandbox bypass
[85276] Cisco Jabber for Windows denial of service
[85242] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
[85241] Microsoft .NET Framework and Microsoft Silverlight code execution
[85240] Microsoft .NET Framework and Microsoft Silverlight code execution
[85239] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
[85238] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
[85237] Microsoft .NET Framework and Microsoft Silverlight code execution
[85222] Microsoft Internet Explorer Shift JIS information disclosure
[85221] Microsoft Internet Explorer CVE-2013-3164 code execution
[85220] Microsoft Internet Explorer CVE-2013-3163 code execution
[85219] Microsoft Internet Explorer CVE-2013-3162 code execution
[85218] Microsoft Internet Explorer CVE-2013-3161 code execution
[85217] Microsoft Internet Explorer CVE-2013-3153 code execution
[85216] Microsoft Internet Explorer CVE-2013-3152 code execution
[85215] Microsoft Internet Explorer CVE-2013-3151 code execution
[85214] Microsoft Internet Explorer CVE-2013-3150 code execution
[85213] Microsoft Internet Explorer CVE-2013-3149 code execution
[85212] Microsoft Internet Explorer CVE-2013-3148 code execution
[85211] Microsoft Internet Explorer CVE-2013-3147 code execution
[85210] Microsoft Internet Explorer CVE-2013-3146 code execution
[85209] Microsoft Internet Explorer CVE-2013-3145 code execution
[85208] Microsoft Internet Explorer CVE-2013-3144 code execution
[85207] Microsoft Internet Explorer CVE-2013-3143 code execution
[85206] Microsoft Internet Explorer CVE-2013-3115 code execution
[85204] Microsoft DirectShow code execution
[85133] Microsoft Outlook phishing
[84965] Microsoft Sharepoint Online cross site scripting
[84916] Microsoft Internet Explorer ASLR information disclosure
[84691] Microsoft Internet Explorer code execution
[84690] Microsoft Internet Explorer code execution
[84616] Microsoft Office code execution
[84612] Microsoft Internet Explorer code execution
[84611] Microsoft Internet Explorer code execution
[84610] Microsoft Internet Explorer code execution
[84609] Microsoft Internet Explorer code execution
[84608] Microsoft Internet Explorer code execution
[84607] Microsoft Internet Explorer code execution
[84606] Microsoft Internet Explorer code execution
[84605] Microsoft Internet Explorer code execution
[84604] Microsoft Internet Explorer code execution
[84603] Microsoft Internet Explorer code execution
[84602] Microsoft Internet Explorer code execution
[84601] Microsoft Internet Explorer code execution
[84599] Microsoft Internet Explorer code execution
[84598] Microsoft Internet Explorer code execution
[84597] Microsoft Internet Explorer code execution
[84596] Microsoft Internet Explorer code execution
[84595] Microsoft Internet Explorer code execution
[84581] Novell Client for Windows NWFS.SYS buffer overflow
[84580] Novell Client for Windows NICM.SYS privilege escalation
[84266] Multiple Microsoft products code execution
[84019] Microsoft Internet Explorer MSXML information disclosure
[84011] Microsoft Security Essentials privilege escalation
[84007] Microsoft Internet Explorer CGenericElement object code execution
[84002] DotNetNuke modal windows cross-site scripting
[83995] Microsoft Internet Explorer code execution
[83909] Microsoft Internet Explorer code execution
[83908] Microsoft Internet Explorer code execution
[83907] Microsoft Internet Explorer code execution
[83906] Microsoft Internet Explorer code execution
[83905] Microsoft Internet Explorer code execution
[83904] Microsoft Internet Explorer code execution
[83903] Microsoft Internet Explorer code execution
[83902] Microsoft Internet Explorer code execution
[83901] Microsoft Internet Explorer code execution
[83900] Microsoft Internet Explorer code execution
[83899] Microsoft Internet Explorer information disclosure
[83897] Microsoft Publisher buffer underflow
[83896] Microsoft Publisher code execution
[83895] Microsoft Publisher code execution
[83894] Microsoft Publisher code execution
[83893] Microsoft Publisher code execution
[83892] Microsoft Publisher code execution
[83891] Microsoft Publisher buffer overflow
[83890] Microsoft Publisher code execution
[83889] Microsoft Publisher code execution
[83888] Microsoft Publisher integer overflow
[83887] Microsoft Publisher code execution
[83885] Microsoft Word code execution
[83883] Microsoft Visio information disclosure
[83881] Microsoft Lync code execution
[83879] Microsoft .NET Framework security bypass
[83878] Microsoft .NET Framework spoofing
[83191] Microsoft Internet Explorer code execution
[83190] Microsoft Internet Explorer code execution
[83172] Skype for Windows multiple unspecified
[83092] Microsoft Remote Desktop ActiveX control code execution
[83087] Microsoft SharePoint information disclosure
[83085] Microsoft Antimalware Client privilege escalation
[83083] Microsoft SharePoint and Microsoft Office Web Apps privilege escalation
[82975] NVIDIA Graphics Drivers for Windows privilege escalation
[82974] NVIDIA Graphics Drivers for Windows privilege escalation
[82771] Microsoft Internet Explorer sandbox denial of service
[82766] NVIDIA Graphics Drivers for Windows privilege escalation
[82731] Microsoft Internet Explorer CTreeNode code execution
[82443] Microsoft Office code execution
[82423] Microsoft Silverlight code execution
[82421] Microsoft SharePoint W3WP denial of service
[82420] Microsoft SharePoint input privilege escalation
[82419] Microsoft SharePoint JavaScript privilege escalation
[82418] Microsoft SharePoint Callback privilege escalation
[82416] Microsoft Visio Viewer memory code execution
[82409] Microsoft Internet Explorer removeChild code execution
[82408] Microsoft Internet Explorer onBeforeCopy code execution
[82407] Microsoft Internet Explorer GetMarkupPtr code execution
[82406] Microsoft Internet Explorer CElement code execution
[82405] Microsoft Internet Explorer CCaret code execution
[82404] Microsoft Internet Explorer CMarkupBehaviorContext code execution
[82403] Microsoft Internet Explorer saveHistory code execution
[82402] Microsoft Internet Explorer OnResize code execution
[82400] Microsoft Office for Mac information disclosure
[82398] Microsoft Office OneNote information disclosure
[81900] Microsoft Skype GiftCards cross-site scripting
[81728] Microsoft Internet Explorer SRC information disclosure
[81706] Microsoft Internet Explorer SSL lock spoofing
[81705] Microsoft Internet Explorer TCP sessions information disclosure
[81667] Microsoft .NET Framework WinForms privilege escalation
[81633] Microsoft Internet Explorer CObjectElement code execution
[81631] Microsoft Internet Explorer InsertElement code execution
[81630] Microsoft Internet Explorer SLayoutRun code execution
[81629] Microsoft Internet Explorer pasteHTML code execution
[81628] Microsoft Internet Explorer CDispNode code execution
[81627] Microsoft Internet Explorer LsGetTrailInfo code execution
[81626] Microsoft Internet Explorer vtable code execution
[81625] Microsoft Internet Explorer CMarkup code execution
[81624] Microsoft Internet Explorer COmWindowProxy code execution
[81623] Microsoft Internet Explorer SetCapture code execution
[81622] Microsoft Internet Explorer Shift JIS information disclosure
[81212] Microsoft Lync User-Agent cross-site scripting
[80885] Microsoft Internet Explorer CDwnBindInfo code execution
[80871] Microsoft .NET Framework permission privilege escalation
[80870] Microsoft .NET Framework S.D.S.P. privilege escalation
[80868] Microsoft .NET Framework information disclosure
[80866] Microsoft .NET Framework OData denial of service
[80847] NVIDIA Graphics Drivers for Windows buffer overflow
[80750] Microsoft Internet Explorer denial of service
[80647] Microsoft Internet Explorer cursor information disclosure
[80523] Microsoft Exchange Server RSS feeds denial of service
[80364] Microsoft Internet Explorer improper ref counting code execution
[80363] Microsoft Internet Explorer CMarkup code execution
[80362] Microsoft Internet Explorer InjectHTMLStream code execution
[80355] Microsoft Word RTF code execution
[80310] Microsoft Internet Explorer CHTML code execution
[80149] Microsoft Office OneNote code execution
[79998] Microsoft Excel file code execution
[79997] Microsoft Visio code execution
[79996] Microsoft Publisher code execution
[79990] Microsoft Excel xls code execution
[79749] Microsoft Internet Explorer multiple unspecified code execution
[79748] Microsoft Internet Explorer memory code execution
[79692] Microsoft .NET Framework reflection privilege escalation
[79691] Microsoft .NET Framework Web proxy code execution
[79690] Microsoft .NET Framework DLL code execution
[79689] Microsoft .NET Framework output information disclosure
[79688] Microsoft .NET Framework reflection privilege escalation
[79686] Microsoft Internet Explorer CTreeNode code execution
[79685] Microsoft Internet Explorer CTreePos code execution
[79684] Microsoft Internet Explorer CFormElement code execution
[79674] Microsoft Excel data structure buffer overflow
[79651] Microsoft Paint .bmp denial of service
[79650] Microsoft Excel code execution
[79649] Microsoft Office Publisher denial of service
[79614] Microsoft Internet Explorer scrollIntoView code execution
[79599] Microsoft Office Picture Manager code execution
[79590] Microsoft Word .doc buffer overflow
[79492] Microsoft Internet Explorer filter cross-site scripting
[79251] Microsoft Internet Explorer CPasteCommand code execution
[79231] EMC NetWorker Module for Microsoft Applications (NMM) administrator credential disclosure
[79230] EMC NetWorker Module for Microsoft Applications (NMM) communication channel code execution
[79198] Microsoft Excel code execution
[78863] Microsoft Works RTF code execution
[78857] Microsoft SQL Server cross-site scripting
[78852] Microsoft Lync and Microsoft SharePoint privilege escalation
[78850] Microsoft Office RTF files code execution
[78849] Microsoft Word PAPX code execution
[78822] Google Chrome CVE-2012-2897 Windows kernel memory corruption
[78759] Microsoft Internet Explorer cloneNode() code execution
[78758] Microsoft Internet Explorer Layout object code execution
[78757] Microsoft Internet Explorer Event Listener code execution
[78756] Microsoft Internet Explorer onMove() code execution
[78598] Microsoft Internet Explorer use-after-free code execution
[78076] Microsoft System Center Configuration Manager cross-site scripting
[78074] Microsoft Excel SST Invalid Length code execution
[78073] Microsoft Excel code execution
[78070] Microsoft System Center Operations Manager cross-site scripting
[78069] Microsoft System Center Operations Manager cross-site scripting
[77993] Microsoft Indexing Service ActiveX control denial of service
[77878] Microsoft MS-CHAP v2 information disclosure
[77361] Microsoft Visio DXF buffer overflow
[77359] Microsoft Internet Information Services FTP information disclosure
[77358] Microsoft Internet Information Services log files information disclosure
[77351] Microsoft Office CGM code execution
[77345] Microsoft Internet Explorer virtual function table code execution
[77344] Microsoft Internet Explorer null object code execution
[77343] Microsoft Internet Explorer layout memory code execution
[77324] Microsoft Visual Studio Team Foundation Server cross-site scripting
[77317] Citrix Access Gateway Plug-in for Windows ActiveX control buffer overflow
[77316] Citrix Access Gateway Plug-in for Windows ActiveX control buffer overflow
[76807] Microsoft Office for Mac privilege escalation
[76743] Microsoft .NET Framework tilde denial of service
[76723] Microsoft Internet Explorer attribute code execution
[76722] Microsoft Internet Explorer cached code execution
[76717] Microsoft Data Access Components XML code execution
[76716] Microsoft IIS FTP denial of service
[76710] Microsoft SharePoint JavaScript cross-site scripting
[76709] Microsoft SharePoint URL spoofing
[76708] Microsoft SharePoint JavaScript cross-site scripting
[76706] Microsoft SharePoint scriptresx.ashx cross-site scripting
[76664] Microsoft IIS tilde information disclosure
[76339] XAMPP for Windows cds.php and perlinfo.pl cross-site scripting
[76338] XAMPP for Windows cds.php SQL injection
[76306] Opera pop-up windows code execution
[76185] Microsoft Internet Information Server ASPX information disclosure
[76184] Microsoft Internet Information Server INDEX_ALLOCATION security bypass
[76183] Microsoft Internet Information Server INDEX_ALLOCATION security bypass
[76182] Microsoft Internet Information Server request security bypass
[75983] MapServer for Windows Apache file include
[75977] Microsoft WordPad .doc denial of service
[75962] Microsoft Internet Explorer Scrolling Events information disclosure
[75961] Microsoft Internet Explorer OnRowsInserted Event code execution
[75960] Microsoft Internet Explorer insertRow code execution
[75959] Microsoft Internet Explorer insertAdjacentText code execution
[75958] Microsoft Internet Explorer OnBeforeDeactivate Event code execution
[75957] Microsoft Internet Explorer Title Element Change code execution
[75956] Microsoft Internet Explorer Col Element code execution
[75955] Microsoft Internet Explorer same id property code execution
[75954] Microsoft Internet Explorer Developer Toolbar code execution
[75953] Microsoft Internet Explorer process memory information disclosure
[75952] Microsoft Internet Explorer EUC-JP character information disclosure
[75950] Microsoft Internet Explorer Center Element code execution
[75948] Microsoft Visual Basic for Applications DLL code execution
[75941] Microsoft .NET Framework function code execution
[75925] Microsoft Dynamics AX Enterprise Portal cross-site scripting
[75904] Microsoft Lync HTML information disclosure
[75903] Microsoft Lync DLL code execution
[75163] Microsoft Visual Studio linker buffer overflow
[75135] Microsoft Silverlight XAML code execution
[75134] Microsoft .NET Framework index denial of service
[75133] Microsoft .NET Framework buffer code execution
[75122] Microsoft Office RTF code execution
[75119] Microsoft Excel series record code execution
[75118] Microsoft Excel MergeCells buffer overflow
[75117] Microsoft Excel SXLI code execution
[75115] Microsoft Visio Viewer memory code execution
[75098] Microsoft .NET Framework EncoderParameter buffer overflow
[74555] Microsoft Office WPS Converter buffer overflow
[74383] Microsoft Internet Explorer VML code execution
[74382] Microsoft Internet Explorer SelectAll code execution
[74381] Microsoft Internet Explorer OnReadyStateChange code execution
[74380] Microsoft Internet Explorer JScript9 code execution
[74379] Microsoft Internet Explorer HTML page code execution
[74377] Microsoft .NET Framework parameter code execution
[74376] Microsoft .NET Framework input code execution
[74375] Microsoft .NET Framework serialization code execution
[74368] Microsoft Forefront Unified Access Gateway information disclosure
[74367] Microsoft Forefront Unified Access Gateway spoofing
[73870] Microsoft Internet Explorer Protected Mode denial of service
[73869] Microsoft Internet Explorer unspecified buffer overflow
[73539] Microsoft DirectWrite denial of service
[73537] Microsoft Visual Studio privilege escalation
[73535] Microsoft Expression Design code execution
[73029] Microsoft Internet Explorer BODY denial of service
[72938] Skype for Windows unspecified
[72886] Microsoft SharePoint wizardlist.aspx cross-site scripting
[72885] Microsoft SharePoint themeweb.aspx cross-site scripting
[72884] Microsoft SharePoint inplview.aspx cross-site scripting
[72872] Microsoft Excel bytes code execution
[72871] Microsoft Excel OBJECTLINK record code execution
[72870] Microsoft Excel file code execution
[72864] Microsoft Visio attributes code execution
[72863] Microsoft Visio code execution
[72862] Microsoft Visio Viewer code execution
[72861] Microsoft Visio attributes code execution
[72860] Microsoft Visio Viewer code execution
[72848] Microsoft .NET Framework buffer overflow
[72847] Microsoft .NET Framework and Microsoft Silverlight unmanaged objects code execution
[72845] Microsoft Internet Explorer VML code execution
[72844] Microsoft Internet Explorer memory information disclosure
[72843] Microsoft Internet Explorer HtmlLayout code execution
[72842] Microsoft Internet Explorer copy and paste information disclosure
[72028] Microsoft ASP.NET forms authentication open redirect
[72027] Microsoft ASP.NET forms authentication security bypass
[72026] Microsoft ASP.NET forms authentication ticket caching privilege escalation
[71990] Microsoft Anti-Cross Site Scripting Library security bypass
[71989] Microsoft ASP.NET CaseInsensitiveHashProvider.getHashCode() function denial of service
[71817] Microsoft Internet Explorer CSS information disclosure
[71813] Microsoft Internet Explorer getComputedStyle information disclosure
[71808] Microsoft .NET Framework SaveAs() security bypass
[71635] Microsoft Internet Explorer cache objects information disclosure
[71561] Microsoft Excel record memory code execution
[71556] Microsoft PowerPoint record code execution
[71555] Microsoft PowerPoint DLL code execution
[71547] Microsoft Time binary code execution
[71545] Microsoft Internet Explorer Content-Disposition information disclosure
[71544] Microsoft Internet Explorer HTML DLL code execution
[71543] Microsoft Internet Explorer cross-site scripting filter information disclosure
[71541] Microsoft Publisher memory code execution
[71540] Microsoft Publisher pointer code execution
[71539] Microsoft Publisher out-of-bounds code execution
[71537] Microsoft Word memory code execution
[71200] Mozilla Firefox and Thunderbird Windows D2D security bypass
[71117] Microsoft Excel vbscript macro code execution
[70565] Microsoft Publisher pubconv.dll buffer overflow
[70564] WebKit DOM windows cross-site scripting
[70337] OpenOffice.org Microsoft Word .doc sprm file parser denial of service
[70148] Microsoft Host Integration Server UDP denial of service
[70139] Microsoft Office IME privilege escalation
[70128] Microsoft Internet Explorer Body Element code execution
[70126] Microsoft Internet Explorer Jscript9.dll code execution
[70125] Microsoft Internet Explorer Onload Event code execution
[70124] Microsoft Internet Explorer Option Element code execution
[70123] Microsoft Internet Explorer OLEAuto32.dll code execution
[70122] Microsoft Internet Explorer Scroll Event code execution
[70107] Microsoft Forefront Unified Access Gateway NULL denial of service
[70106] Microsoft Forefront Unified Access Gateway applet code execution
[70105] Microsoft Forefront Unified Access Gateway cross-site scripting
[70104] Microsoft Forefront Unified Access Gateway ExcelTable cross-site scripting
[70103] Microsoft Forefront Unified Access Gateway ExcelTable response splitting
[69863] Google Chrome Windows Media Player plug-in unspecified
[69826] Microsoft SharePoint Server Source open redirect
[69500] Microsoft Office object pointer code execution
[69499] Microsoft Office DLL code execution
[69497] Microsoft Excel integer code execution
[69496] Microsoft Excel expression code execution
[69495] Microsoft Excel records code execution
[69494] Microsoft Excel array code execution
[69493] Microsoft Excel WriteAV code execution
[69344] Microsoft compound document detected
[69293] Microsoft Internet Explorer HTTPS security bypass
[69229] Mozilla Firefox, Thunderbird, and SeaMonkey Windows D2D hardware acceleration security bypass
[69214] Microsoft Internet Explorer Iedvtool.dll denial of service
[68855] HP Arcsight Connector Appliance Windows Event Log SmartConnector privilege escalation
[68835] Microsoft SharePoint EditForm.aspx cross-site scripting
[68834] Microsoft SharePoint cross-site scripting
[68832] Microsoft Chart control information disclosure
[68828] Microsoft .NET Framework socket information disclosure
[68826] Microsoft Report Viewer information disclosure
[68822] Microsoft Internet Explorer style code execution
[68821] Microsoft Internet Explorer xslt code execution
[68820] Microsoft Internet Explorer character sequences information
[68819] Microsoft Internet Explorer telnet URI code execution
[68818] Microsoft Internet Explorer event handlers information disclosure
[68817] Microsoft Internet Explorer race condition code execution
[68811] Microsoft Visio pStream code execution
[68810] Microsoft Visio Move Around the Block code execution
[68786] Microsoft Internet Explorer EUC-JP cross-site scripting
[68554] Citrix Access Gateway Plug-in for Windows ActiveX control buffer overflow
[68498] Microsoft Internet Explorer memory layout information disclosure
[68226] Apple Mac OS X QuickLook Microsoft Office files code execution
[68024] Microsoft Office XP remote code execution
[68007] Microsoft Word wdGetApplicationObject() code execution
[67991] Microsoft Lync Server ReachJoin.aspx command execution
[67954] Microsoft Internet Explorer HTTP redirect code execution
[67953] Microsoft Internet Explorer selection object code execution
[67952] Microsoft Internet Explorer layout code execution
[67951] Microsoft Internet Explorer drag and drop information disclosure
[67950] Microsoft Internet Explorer DOM code execution
[67949] Microsoft Internet Explorer time element code execution
[67948] Microsoft Internet Explorer drag and drop code execution
[67947] Microsoft Internet Explorer toStaticHTML API information disclosure
[67946] Microsoft Internet Explorer DOM code execution
[67945] Microsoft Internet Explorer link properties code execution
[67944] Microsoft Internet Explorer Web pages information disclosure
[67890] Microsoft Internet Explorer cross-zone drag-and-drop information disclosure
[67761] Microsoft XML Editor Web Service Discovery information disclosure
[67752] Microsoft .NET Framework and Microsoft Silverlight XAML code execution
[67736] Microsoft Forefront Threat Management Gateway TMG Firewall Client buffer overflow
[67717] Microsoft Excel WriteAV code execution
[67716] Microsoft Excel WriteAV code execution
[67715] Microsoft Excel information code execution
[67714] Microsoft Excel record information buffer overflow
[67713] Microsoft Excel record buffer overflow
[67712] Microsoft Excel array code execution
[67711] Microsoft Excel information code execution
[67710] Microsoft Excel Excel record code execution
[67662] Symantec Backup Exec for Windows Servers communication man-in-the-middle
[67411] Microsoft .NET Framework JIT compiler code execution
[67301] Microsoft PowerPoint presentation code execution
[67300] Microsoft PowerPoint presentation code execution
[66991] Microsoft Internet Explorer CSS address bar spoofing
[66976] HP Insight Control Performance Management for Windows unspecified cross-site request forgery
[66975] HP Insight Control Performance Management for Windows unspecified privilege escalation
[66847] Microsoft Windows WebDAV code execution
[66729] Microsoft HTML Help CHM buffer overflow
[66710] Microsoft Reader aud_file.dll code execution
[66709] Microsoft Reader eBook buffer overflow
[66708] Microsoft Reader msreader.exe buffer overflow
[66544] A Microsoft FAX cover sheet has been detected
[66435] Microsoft Internet Explorer Javascript information disclosure
[66434] Microsoft Internet Explorer frame tag information disclosure
[66433] Microsoft Internet Explorer layout code execution
[66426] Microsoft Office DLL code execution
[66393] Microsoft WordPad code execution
[66137] Microsoft Source Code Analyzer for SQL injection privilege escalation
[66066] Windows Movie Maker .avi buffer overflow
[66064] Microsoft Internet Explorer unspecified code execution
[66063] Microsoft Internet Explorer unspecified code execution
[66062] Microsoft Internet Explorer unspecified code execution
[66025] Microsoft Internet Explorer XSLT information disclosure
[65918] Microsoft Internet Explorer address bar spoofing
[65867] Microsoft Visual Studio project file buffer overflow
[65626] Microsoft Malware Protection Engine privilege escalation
[65587] Microsoft Excel data code execution
[65586] Microsoft Excel memory record buffer overflow
[65585] Microsoft Excel memory corruption code execution
[65584] Microsoft Excel WriteAV code execution
[65583] Microsoft Excel memory buffer overflow
[65582] Microsoft Excel buffer code execution
[65579] Microsoft PowerPoint persist directory code execution
[65578] Microsoft PowerPoint Techno-color code execution
[65572] Microsoft Office Groove DLL code execution
[65192] Microsoft PowerPoint OfficeArt code execution
[65191] Microsoft Office graphic code execution
[65190] Microsoft Excel Axis properties code execution
[65188] Microsoft Excel art object code execution
[65187] Microsoft Excel object code execution
[64924] Microsoft Visio data type code execution
[64923] Microsoft Visio object code execution
[64913] Microsoft Internet Explorer DLL code execution
[64912] Microsoft Internet Explorer code execution
[64911] Microsoft Internet Explorer code execution
[64908] Microsoft .NET Framework JIT code execution
[64903] Microsoft DirectShow DLL code execution
[64571] Microsoft Internet Explorer GUI weak security
[64482] Microsoft Internet Explorer ReleaseInterface() code execution
[64341] Microsoft Data Access Components (MDAC) ADO record code execution
[64340] Microsoft Data Access Components (MDAC) ODBC buffer overflow
[64250] Microsoft WMI Administrative Tools ActiveX control (WBEMSingleView.ocx) code execution
[64248] Microsoft Internet Information Services TELNET_STREAM_CONTEXT::OnSendData buffer overflow
[64196] HAURI Windows Server and ViRobot Desktop VRsecos.sys privilege escalation
[64083] Microsoft Foundation Class DLL code execution
[64075] Windows Live Mail dynamic-linked library (dwmapi.dll) code execution
[63915] Microsoft Data Access Objects (DAO) dynamic-linked library (DLL) code execution
[63879] Windows Server 2008 Color Control Panel dynamic-linked library (DLL) code execution
[63866] Microsoft Visio dynamic-linked library (DLL) code execution
[63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
[63815] Microsoft Remote Desktop Protocol dynamic-linked library (ieframe.dll) code execution
[63802] Microsoft Visio dynamic-linked library (dwmapi.dll) code execution
[63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
[63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
[63749] Microsoft Internet Explorer CSS code execution
[63581] Microsoft Address Book insecure library loading code execution
[63572] Microsoft Exchange Server RPC denial of service
[63557] Microsoft Internet Explorer information disclosure
[63556] Microsoft Internet Explorer element code execution
[63555] Microsoft Internet Explorer HTML element code execution
[63553] Microsoft Internet Explorer object code execution
[63552] Microsoft Internet Explorer script information disclosure
[63551] Microsoft Internet Explorer HTML object code execution
[63545] Microsoft Sharepoint SOAP code execution
[63543] Microsoft Publisher array indexing memory corruption code execution
[63542] Microsoft Publisher memory corruption code execution
[63541] Microsoft Publisher pubconv.dll code execution
[63540] Microsoft Publisher pubconv.dll buffer overflow
[63539] Microsoft Publisher pubconv.dll code execution
[63536] Microsoft Office FlashPix code execution
[63535] Microsoft Office FlashPix buffer overflow
[63534] Microsoft Office TIFF image code execution
[63533] Microsoft Office TIFF image files
[63532] Microsoft Office TIFF image buffer overflow
[63531] Microsoft Office PICT code execution
[63530] Microsoft Office CGM Image buffer overflow
[63514] Microsoft Outlook file attachment denial of service
[62962] Microsoft Internet Explorer invalid flag code execution
[62886] HP Insight Control Performance Management for Windows unspecified privilege escalation
[62885] HP Insight Control Performance Management for Windows unspecified cross-site request forgery
[62884] HP Insight Control Performance Management for Windows unspecified cross-site scripting
[62883] HP Insight Control Performance Management for Windows information disclosure
[62864] HP Insight Recovery for Windows information disclosure
[62863] HP Insight Recovery for Windows unspecified cross-site scripting
[62862] HP Insight Orchestration for Windows information disclosure
[62861] HP Insight Orchestration for Windows unauthorized access
[62860] HP Insight Managed System Setup Wizard for Windows information disclosure
[62804] Microsoft Forefront Unified Access Gateway Sginurl.asp cross-site scripting
[62803] Microsoft Forefront Unified Access Gateway Mobile Portal cross-site scripting
[62802] Microsoft Forefront Unified Access Gateway Web monitor cross-site scripting
[62801] Microsoft Forefront Unified Access Gateway spoofing
[62792] Microsoft PowerPoint underflow code execution
[62791] Microsoft PowerPoint PowerPoint buffer overflow
[62788] Microsoft Office DLL code execution
[62787] Microsoft Office SPID code execution
[62786] Microsoft Office drawing code execution
[62785] Microsoft Office art drawing code execution
[62784] Microsoft Office RTF buffer overflow
[62783] HP Insight Control Server Migration for Windows unauthorized access
[62782] HP Insight Control Server Migration for Windows unspecified privilege escalation
[62781] HP Insight Control Server Migration for Windows unspecified cross-site scripting
[62778] HP Insight Control Power Management for Windows unspecified cross-site request forgery
[62777] HP Insight Control Power Management for Windows unspecified cross-site scripting
[62728] Microsoft Internet Explorer window.onerror information disclosure
[62469] Oracle Sun Products Directory Server Enterprise Edition Identity Synchronization for Windows unspecified
[62259] Novell Client for Windows ActiveX control denial of service
[62186] Microsoft Internet Information Services directory names code execution
[62146] Microsoft .NET Framework JIT compiler code execution
[62128] Microsoft Foundation Class (MFC) library title buffer overflow
[62117] Microsoft Excel ghost record type parsing code execution
[62116] Microsoft Excel out-of-bounds memory write in parsing code execution
[62115] Microsoft Excel real time data array record code execution
[62114] Microsoft Excel extra out of boundary record parsing code execution
[62113] Microsoft Excel negative future function code execution
[62112] Microsoft Excel merge cell record pointer code execution
[62111] Microsoft Excel out of bounds array code execution
[62110] Microsoft Excel formula biff record code execution
[62109] Microsoft Excel formula substream memory corruption code execution
[62108] Microsoft Excel Lotus 1-2-3 file parsing code execution
[62107] Microsoft Excel file format parsing code execution
[62106] Microsoft Excel record parsing memory corruption code execution
[62105] Microsoft Excel record parsing integer overflow code execution
[62097] Microsoft Word Word file code execution
[62096] Microsoft Word file code execution
[62095] Microsoft Word indexes code execution
[62094] Microsoft Word records buffer overflow
[62093] Microsoft Word pointers code execution
[62090] Microsoft Internet Explorer deleted object code execution
[62089] Microsoft Internet Explorer script information disclosure
[62088] Microsoft Internet Explorer deleted object code execution
[62087] Microsoft Internet Explorer object code execution
[62086] Microsoft Internet Explorer Anchor element information disclosure
[62085] Microsoft Internet Explorer deleted object code execution
[62084] Microsoft Internet Explorer CSS information disclosure
[62083] Microsoft Internet Explorer toStaticHTML API information disclosure
[62082] Microsoft Internet Explorer AutoComplete information disclosure
[62079] Microsoft Word bookmarks code execution
[62078] Microsoft Word return values code execution
[62077] Microsoft Word stack code execution
[62076] Microsoft Word index code execution
[62075] Microsoft Word boundary check code execution
[62074] Microsoft Word pointer code execution
[61937] Microsoft Word MSO.dll denial of service
[61916] Microsoft DRM technology ActiveX control code execution
[61913] Microsoft Internet Explorer toStaticHTML cross-site scripting
[61898] Microsoft ASP.NET padding information disclosure
[61894] Microsoft Paint BMP denial of service
[61636] Microsoft Exchange Server Outlook Web Access cross-site request forgery
[61516] Microsoft WordPad Word 97 code execution
[61513] Microsoft Internet Information Services (IIS) URL authentication bypass
[61512] Microsoft Internet Information Services request header buffer overflow
[61511] Microsoft Internet Information Services repeated POST denial of service
[61509] Microsoft Outlook Online Mode buffer overflow
[61393] Google Chrome Windows kernel unspecified
[61067] Windows Live Messenger animation denial of service
[60802] Google Chrome Windows kernel unspecified
[60739] Microsoft Internet Explorer frame.frameBorder denial of service
[60735] Microsoft .NET Framework CLR code execution
[60733] Microsoft Word HTML linked objects code execution
[60732] Microsoft Word RTF buffer overflow
[60731] Microsoft Word RTF code execution
[60730] Microsoft Word record code execution
[60727] Microsoft Excel Excel file code execution
[60712] Microsoft Internet Explorer uninitialized memory corruption code execution
[60711] Microsoft Internet Explorer uninitialized memory corruption code execution
[60710] Microsoft Internet Explorer race condition memory corruption code execution
[60709] Microsoft Internet Explorer uninitialized memory corruption code execution
[60708] Microsoft Internet Explorer uninitialized memory corruption code execution
[60707] Microsoft Internet Explorer mouse information disclosure
[60561] Microsoft Exchange Server Outlook Web Access cross-site request forgery
[60522] Microsoft Clip Organizer ActiveX control denial of service
[60478] A file containing Microsoft LNK data was detected
[60290] HP Insight Orchestration for Windows unauthorized access
[60289] HP Virtual Connect Enterprise Manager for Windows unspecified cross-site scripting
[60288] HP Insight Control Server Migration for Windows unspecified cross-site request forgery
[60287] HP Insight Control Server Migration for Windows unauthorized access
[60286] HP Insight Control Power Management for Windows unauthorized access
[60164] Microsoft Exchange Server OWA cross-site request forgery
[60156] Microsoft Word Word file code execution
[59948] Microsoft Internet Explorer mshtml.dll information disclosure
[59894] Microsoft Outlook SMB code execution
[59889] Microsoft Office ActiveX control code execution
[59768] Microsoft Internet Explorer IFRAME information disclosure
[59088] Microsoft Internet Explorer nntp:// URIs denial of service
[59087] Microsoft Internet Explorer news:// URIs denial of service
[59069] Microsoft Internet Explorer CSS expression denial of service
[59060] Microsoft ASP.NET view state cross-site scripting
[59057] Microsoft ASP.NET EnableViewStateMac cross-site scripting
[59055] Microsoft ASP.NET InnerHtml property cross-site scripting
[58954] Microsoft Dynamics GP password security bypass
[58912] Microsoft Excel Office XML privilege escalation
[58911] Microsoft Excel ADO code execution
[58910] Microsoft Excel string code execution
[58909] Microsoft Excel stack code execution
[58908] Microsoft Excel EDG code execution
[58907] Microsoft Excel Excel code execution
[58906] Microsoft Excel HFPicture code execution
[58905] Microsoft Excel Excel file code execution
[58904] Microsoft Excel RTD code execution
[58903] Microsoft Excel Excel code execution
[58902] Microsoft Excel format code execution
[58901] Microsoft Excel chart sheet substreams code execution
[58900] Microsoft Excel object buffer overflow
[58899] Microsoft Excel record code execution
[58890] Microsoft SharePoint help page denial of service
[58870] Microsoft Internet Explorer deleted object code execution
[58869] Microsoft Internet Explorer IE8 Developer Toolbar code execution
[58868] Microsoft Internet Explorer HTML element code execution
[58867] Microsoft Internet Explorer object code execution
[58866] Microsoft Internet Explorer toStaticHTML information disclosure
[58864] Microsoft Internet Information Services (IIS) authentication code execution
[58862] Microsoft Office COM code execution
[58835] Microsoft Outlook Web Access (OWA) id cross-site scripting
[58833] Microsoft Dynamics GP cipher information disclosure
[58757] Microsoft Internet Explorer IFRAME element denial of service
[58506] HP Insight Control server migration for Windows cross-site scripting
[58496] Microsoft Internet Explorer Invisible Hand extension information disclosure
[58346] Microsoft Visio DXF buffer overflow
[58170] Microsoft Visual Basic for Applications (VBA) ActiveX control buffer overflow
[58044] Microsoft Internet Explorer filter cross-site scripting
[57990] Microsoft Internet Explorer XML unspecified
[57978] Microsoft wireless keyboard XOR weak security
[57783] DWG Windows FTP Server security bypass
[57581] Microsoft Office Communicator SIP INVITE denial of service
[57401] Microsoft Internet Explorer data structures denial of service
[57387] Apple iTunes for Windows installation privilege escalation
[57373] Microsoft MPEG Layer-3 buffer overflow
[57340] Microsoft Visio index code execution
[57339] Microsoft Visio attributes code execution
[57338] Microsoft Internet Explorer 8 Developer Tools code execution
[57327] Microsoft Office PublisherTextBox buffer overflow
[57307] Microsoft Internet Explorer deleted object code execution
[57306] Microsoft Internet Explorer URL code execution
[57305] Microsoft Internet Explorer domain information disclosure
[57304] Microsoft Internet Explorer HTML object code execution
[57303] Microsoft Internet Explorer HTML object code execution
[57302] Microsoft Internet Explorer deleted object code execution
[57301] Microsoft Internet Explorer object code execution
[57300] Microsoft Internet Explorer strings information disclosure
[57299] Microsoft Internet Explorer object code execution
[57197] Microsoft Internet Explorer unspecified code execution
[57196] Microsoft Internet Explorer base address buffer overflow
[56994] Microsoft Virtual PC and Microsoft Virtual Server Virtual Machine Monitor security bypass
[56856] Skype for Windows skypePM.exe file deletion
[56809] Skype for Windows URI handler information disclosure
[56808] Microsoft Office AccWizObjects code execution
[56772] Microsoft Internet Explorer use-after-free code execution
[56651] Microsoft Internet Information Services DNS cross-site scripting
[56597] Microsoft Sharepoint Upload.aspx cross-site scripting
[56469] Microsoft Excel DbOrParamQry code execution
[56468] Microsoft Excel XLSX code execution
[56467] Microsoft Excel FNGROUPNAME code execution
[56466] Microsoft Excel MDXSET buffer overflow
[56465] Microsoft Excel MDXTUPLE buffer overflow
[56464] Microsoft Excel object type code execution
[56463] Microsoft Excel record memory code execution
[56460] Microsoft Movie Maker and Microsoft Producer buffer overflow
[56431] Microsoft Internet Explorer CSS stylesheets information disclosure
[56241] OpenOffice.org Microsoft Word file sprmTSetBrc buffer overflow
[56240] OpenOffice.org Microsoft Word file sprmTDefTable buffer overflow
[56093] Microsoft Internet Explorer URLMON security bypass
[55931] Microsoft Office Office files buffer overflow
[55929] Microsoft DirectShow AVI file buffer overflow
[55927] Microsoft Paint JPEG integer overflow
[55915] Microsoft Data Analyzer ActiveX Control code execution
[55900] Microsoft Internet Explorer createElement denial of service
[55889] Microsoft PowerPoint ViewerTextCharsAtom buffer overflow
[55888] Microsoft PowerPoint Viewer TextBytesAtom buffer overflow
[55887] Microsoft PowerPoint OEPlaceholderAtom code execution
[55886] Microsoft PowerPoint placementId code execution
[55885] Microsoft PowerPoint LinkedSlideAtom buffer overflow
[55884] Microsoft PowerPoint file path buffer overflow
[55863] Microsoft Internet Explorer multiple unspecified denial of service
[55817] Windows Live Messenger ActiveX Control buffer overflow
[55778] Microsoft Internet Explorer object memory code execution
[55777] Microsoft Internet Explorer uninitialized code execution
[55776] Microsoft Internet Explorer deleted object code execution
[55775] Microsoft Internet Explorer initialized memory code execution
[55774] Microsoft Internet Explorer deleted object code execution
[55773] Microsoft Internet Explorer URL code execution
[55676] Microsoft Internet Explorer ActiveX Control code execution
[55642] Microsoft Internet Explorer freed object code execution
[55483] Windows Live Messenger ActiveX control ViewProfile() denial of service
[55308] Microsoft Internet Information Services colon security bypass
[55154] Microsoft Silverlight code execution
[55031] Microsoft Internet Information Services (IIS) filenames security bypass
[54935] Wireshark Windows IPMI dissector denial of service
[54463] Microsoft Internet Explorer cross-site scripting filter information disclosure
[54444] Microsoft WordPad and Office Text Converter Word 97 file code execution
[54423] Microsoft Office Project project code execution
[54421] Microsoft Internet Explorer deleted object code execution
[54420] Microsoft Internet Explorer uninitialized object code execution
[54418] Microsoft Internet Explorer uninitialized object code execution
[54399] Microsoft Internet Explorer PDF information disclosure
[54367] Microsoft Internet Explorer CSS/Style code execution
[54317] Microsoft Internet Explorer setHomePage denial of service
[54234] Sun Java SE Windows Pluggable Look and Feel unspecified
[54011] Microsoft Excel field code execution
[54010] Microsoft Excel Excel records code execution
[54009] Microsoft Excel Excel formulas code execution
[54008] Microsoft Excel cell code execution
[54007] Microsoft Excel BIFF records buffer overflow
[54006] Microsoft Excel Featheader code execution
[54005] Microsoft Excel SxView code execution
[54004] Microsoft Excel cache code execution
[53976] Microsoft Word Word file code execution
[53955] Microsoft SharePoint download feature information disclosure
[53937] Sun Solaris XScreenSaver popup windows information disclosure
[53601] Microsoft Office 2008 for Mac user ID 502 security bypass
[53543] Microsoft Internet Explorer uninitialized object code execution
[53542] Microsoft Internet Explorer uninitialized code execution
[53539] Microsoft Internet Explorer arguments code execution
[53538] Microsoft Internet Explorer data stream headers code execution
[53532] Microsoft Office BMP image code execution
[53520] Microsoft Server Message Block (SMB) Protocol software command value code execution
[53519] Microsoft Server Message Block (SMB) Protocol software denial of service
[53417] Microsoft Internet KEYGEN denial of service
[53414] Microsoft Internet window.print denial of service
[53034] Microsoft Internet Information Services (IIS) directory listings denial of service
[53005] Microsoft Internet Explorer window.open() spoofing
[52926] Sophos PureMessage for Microsoft Exchange anti-virus and anti-spam unspecified vulnerability
[52925] Sophos PureMessage for Microsoft Exchange EdgeTransport.exe denial of service
[52915] Microsoft Internet Information Services (IIS) FTP buffer overflow
[52897] Microsoft Internet Explorer JavaScript code denial of service
[52889] Windows File Parameter Alteration
[52870] Microsoft Internet Explorer integer value denial of service
[52780] Microsoft .NET Framework CLR code execution
[52765] Microsoft Internet Explorer XML denial of service
[52762] Microsoft Internet Explorer Unicode string denial of service
[52722] Microsoft Internet Explorer DIV element denial of service
[52590] Microsoft Internet Explorer JavaScript SetAttribute denial of service
[52276] Solaris XScreenSaver Xorg popup windows information disclosure
[52273] Windows Security Support Provider Interface credential forwarding
[52249] Microsoft Internet Explorer mshtml.dll denial of service
[52243] Microsoft IIS With .NET Path Disclosure
[52241] Microsoft IIS servervariables_vbscript.asp Information Disclosure
[52240] Microsoft IIS Sample Application Physical Path Disclosure
[52238] Microsoft FrontPage Server Extensions Vital Information Leakage
[52237] Microsoft FrontPage Server Extensions To Do List Found
[52236] Microsoft FrontPage Server Extensions Machine Name Disclosure
[52235] Microsoft FrontPage Configuration Information Leakage
[52234] Microsoft FrontPage '_vti_cnf' Information Leakage
[52233] Microsoft IIS With .NET Path Disclosure
[52106] Microsoft Message Queuing Service (MSMQ) IOCTL privilege escalation
[52105] Microsoft Office Web Components ActiveX control buffer overflow
[52087] Microsoft Active Template Library (ATL) variant code execution
[52052] Microsoft Internet Explorer Active Template Library (ATL) ActiveX control killbit security bypass
[52051] Microsoft Internet Explorer deleted objects code execution
[52050] Microsoft Internet Explorer table operations code execution
[52049] Microsoft Internet Explorer memory object code execution
[52048] Microsoft Active Template Library (ATL) NULL string information disclosure
[52047] Microsoft Active Template Library (ATL) object code execution
[52044] Microsoft Active Template Library (ATL) header code execution
[51972] Windows Live Messenger Marcelo Costa FileServer directory traversal
[51637] Microsoft Internet Explorer AddFavorite buffer overflow
[51616] Microsoft Internet Explorer cached certificate weak security
[51552] Microsoft Internet Explorer Refresh header cross-site scripting
[51467] Microsoft ISA Server Radius One Time Password (OTP) privilege escalation
[51464] Microsoft Virtual PC and Microsoft Virtual Server privilege escalation
[51461] Microsoft DirectX DirectShow code execution
[51460] Microsoft Publisher pointer dereference code execution
[51458] Microsoft DirectX QuickTime code execution
[51454] Microsoft Office Web Components ActiveX control buffer overflow
[51452] Microsoft Office Web Components ActiveX control HTML code execution
[51451] Microsoft Office Web Components ActiveX control code execution
[51378] Microsoft Internet Explorer connect response weak security
[51186] Microsoft Internet Explorer https security bypass
[50849] ATEN KH1516i and KN9116 IP KVM switch Windows and Java client RSA cryptography weak security
[50831] Microsoft DirectX quartz.dll code execution
[50794] Microsoft Word Word file buffer overflow
[50793] Microsoft Word Word file buffer overflow
[50790] Microsoft Excel record pointer code execution
[50789] Microsoft Excel record integer overflow
[50788] Microsoft Excel field code execution
[50787] Microsoft Excel string buffer overflow
[50786] Microsoft Excel array indexing code execution
[50785] Microsoft Excel object record code execution
[50784] Microsoft Excel pointer code execution
[50775] Microsoft Internet Explorer HTML objects code execution
[50774] Microsoft Internet Explorer HTML objects code execution
[50773] Microsoft Internet Explorer HTML objects code execution
[50772] Microsoft Internet Explorer object access code execution
[50771] Microsoft Internet Explorer HTML code execution
[50770] Microsoft Internet Explorer DHTML code execution
[50769] Microsoft Internet Explorer cached data cross-domain security bypass
[50764] Microsoft Print Spooler service information disclosure
[50756] Microsoft Office Converter buffer overflow
[50633] HP System Management Homepage (SMH) for Linux and Windows unspecified cross-site scripting
[50573] Microsoft Internet Information Services (IIS) WebDAV security bypass
[50553] Dream Windows MaxCMS inc/ajax.asp SQL injection
[50529] Apple Mac OS X Microsoft Office Spotlight Importer code execution variant 1
[50494] Microsoft Internet Explorer utf-7 encoded characters cross-site scripting
[50425] Microsoft PowerPoint sound data code execution
[50354] McAfee GroupShield for Microsoft Exchange X- headers security bypass
[50350] Microsoft Internet Explorer unprintable characters denial of service
[50280] Microsoft PowerPoint atoms or data buffer overflow
[50279] Microsoft PowerPoint notes buffer overflow
[50278] Microsoft PowerPoint sound data buffer overflow
[50277] Microsoft PowerPoint name strings buffer overflow
[50276] Microsoft PowerPoint structures buffer overflow
[50275] Microsoft PowerPoint string buffer overflow
[50274] Microsoft PowerPoint sound PowerPoint 95 code execution
[50273] Microsoft PowerPoint BuildList record code execution
[50272] Microsoft PowerPoint sound data code execution
[50271] Microsoft PowerPoint sound code execution
[50270] Microsoft PowerPoint record types integer overflow
[50269] Microsoft PowerPoint record header buffer overflow
[49888] Microsoft Intelligent Application Gateway Whale Client Components ActiveX control buffer overflow
[49632] Microsoft PowerPoint index value code execution
[49575] Microsoft Wordpad Word 97 buffer overflow
[49573] Microsoft Office WordPerfect 6.x Converter code execution
[49572] Microsoft WordPad and Office Text Converter file code execution
[49567] Microsoft ISA Server and Microsoft Forefront TMG cookieauth.dll cross-site scripting
[49564] Microsoft ISAServer and Microsoft Forefront TMG Web proxy TCP state denial of service
[49559] Microsoft DirectShow MJPEG code execution
[49557] Microsoft Internet Explorer uninitialized memory code execution
[49555] Microsoft Internet Explorer deleted memory code execution
[49554] Microsoft Internet Explorer uninitialized memory code execution
[49552] Microsoft Internet Explorer page transition code execution
[49549] Microsoft Internet Explorer WinINet code execution
[49544] Microsoft Excel object code execution
[49389] Microsoft Internet Explorer unspecified code execution
[49176] IBM Tivoli Storage Manager HSM for Windows client buffer overflow
[49109] OpenBSD and Microsoft Interix fts_build function denial of service
[48875] Microsoft Excel unspecified code execution
[48815] Microsoft XML Core Services HTTPOnly Set-Cookie2 HTTP response headers information disclosure
[48810] Windows Live Messenger Charset denial of service
[48595] Microsoft Word 2007 Email as PDF information disclosure
[48576] TFTP Windows PUT request detected
[48542] Microsoft Internet Explorer onclick action click hijacking
[48528] IBM WebSphere Application Server JSP Windows information disclosure
[48337] WOW - Web On Windows ActiveX Control WriteIniFileString code execution
[48335] Microsoft Internet Explorer HTML form value denial of service
[48310] Microsoft Internet Explorer Cascading Style Sheets code execution
[48309] Microsoft Internet Explorer CFunctionPointer code execution
[48305] Microsoft Visio memory code execution
[48303] Microsoft Visio object data copy code execution
[48296] Microsoft Visio object data validation code execution
[48294] Microsoft .NET Framework Type check code execution
[48293] Microsoft .NET Framework CAS verification code execution
[48023] Windows NTP Time Server Syslog Monitor syslog message denial of service
[47974] Oracle Database SQL*Plus Windows GUI component local information disclosure
[47973] Oracle Database SQL*Plus Windows GUI component remote information disclosure
[47868] Microsoft HTML Help Workshop .hhp buffer overflow
[47818] Windows Live Messenger Now Playing Plugin (gen_msn) plugin for Winamp gen_msn.dll buffer overflow
[47788] Microsoft Internet Explorer JavaScript onload=screen attribute denial of service
[47774] Microsoft Internet Explorer Scripting.FileSystem security bypass
[47756] Microsoft Money prtstb06.dll ActiveX control denial of service
[47738] Microsoft MSN Messenger IP address information disclosure
[47671] Microsoft Exchange Server EMSMDB2 invalid MAPI commands denial of service
[47670] Microsoft Exchange Server TNEF decoding code execution
[47444] Microsoft Internet Explorer XDomainRequestAllowed header XSS filter bypass
[47443] Microsoft Internet Explorer Location and Set-Cookie HTTP header XSS filter bypass
[47442] Microsoft Internet Explorer X-XSS-Protection HTTP header XSS filter bypass
[47441] Microsoft Internet Explorer Content-Type header XSS filter bypass
[47277] Microsoft Internet Explorer CSS expression property XSS filter bypass
[47258] Sun Ray Server Software and Sun Ray Windows Connector LDAP security bypass
[47246] Microsoft Wordpad Text Converter for Word 97 buffer overflow
[47208] Microsoft Internet Explorer data binding code execution
[47182] Microsoft SQL Server sp_replwritetovarbin() buffer overflow
[46878] Microsoft Excel file record code execution
[46863] Microsoft Excel NAME record code execution
[46862] Microsoft Excel spreadsheet formula code execution
[46860] Microsoft Internet Explorer embedded object code execution
[46859] Microsoft Internet Explorer deleted object code execution
[46858] Microsoft Internet Explorer HTML objects uninitialized memory code execution
[46857] Microsoft Internet Explorer parameter validation code execution
[46854] Microsoft Office SharePoint access control privilege escalation
[46852] Microsoft Word document table property buffer overflow
[46851] Microsoft Word RTF stylesheet control word buffer overflow
[46850] Microsoft Word RTF group control word buffer overflow
[46849] Microsoft Word RTF drawing object buffer overflow
[46848] Microsoft Word RTF drawing object code execution
[46847] Microsoft Word malformed value code execution
[46846] Microsoft Word RTF polyline and polygon buffer overflow
[46731] Symantec Backup Exec for Windows Servers data management protocol buffer overflow
[46730] Symantec Backup Exec for Windows Servers Backup Exec Remote Agent security bypass
[46695] Microsoft .NET Framework SN weak security
[46673] Microsoft Communicator SIP INVITE message unspecified denial of service
[46671] Microsoft Communicator emoticon unspecified denial of service
[46628] Microsoft Active Directory username information disclosure
[46590] Microsoft Sharepoint HTML document cross-site scripting
[46309] Microsoft Debug Diagnostic Tool DebugDiag ActiveX control denial of service
[46235] Microsoft Internet Explorer high-bit address bar spoofing
[46234] Microsoft Internet Explorer non-breaking space address bar spoofing
[46189] Microsoft Visual Basic Charts ActiveX control code execution
[46187] Microsoft Visual Basic Hierarchical Flexgrid ActiveX control code execution
[46183] Microsoft Visual Basic Flexgrid ActiveX control code execution
[46178] Microsoft Visual Basic Datagrid ActiveX control code execution
[46061] Microsoft Outlook Web Access (OWA) redir.asp phishing
[45854] Microsoft Internet Explorer script origin information disclosure
[45746] Cisco Unity Microsoft API unspecified denial of service
[45735] Microsoft PicturePusher ActiveX control file upload
[45718] Microsoft Internet Explorer Extended HTML Form cross-site scripting
[45656] XAMPP for Windows cds.php and phonebook.php SQL injection
[45639] Microsoft Internet Explorer alert function denial of service
[45584] Microsoft IIS adsiis.dll ActiveX control denial of service
[45580] Microsoft Excel REPT code execution
[45579] Microsoft Excel spreadsheet BIFF file format buffer overflow
[45566] Microsoft Excel calendar object code execution
[45564] Microsoft Internet Explorer uninitialized memory code execution
[45563] Microsoft Internet Explorer componentFromPoint() code execution
[45562] Microsoft Internet Explorer event handling cross-domain security bypass
[45558] Microsoft Internet Explorer HTML cross-domain security bypass
[45556] Microsoft IAS Helper COM ActiveX control denial of service
[45555] Microsoft XML Core Services chunked transfer-encoding headers information disclosure
[45554] Microsoft XML Core Services DTD information disclosure
[45546] Microsoft Office Content-Disposition cdo:// protocol cross-site scripting
[45537] Microsoft Message Queuing RPC code execution
[45522] XAMPP for Windows adodb.php cross-site scripting
[45507] Citrix Presentation Server for Windows unspecified privilege escalation
[45420] Microsoft WordPad .doc denial of service
[45225] Microsoft Internet Explorer PNG file denial of service
[45214] Microsoft Visio installed
[45211] Microsoft Project installed
[45208] Microsoft Office installed
[45207] Microsoft Internet Explorer installed
[45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
[45007] Apple Bonjour for Windows mDNSResponder spoofing
[45005] Apple Bonjour for Windows mDNSResponder denial of service
[44993] Microsoft Organization Chart code execution
[44775] PureMessage for Microsoft Exchange PMScanner.exe denial of service
[44743] Microsoft ASP.NET ValidateRequest "
[44741] Microsoft ASP.NET ValidateRequest "
[44707] Microsoft Office OneNote file Uniform Resource Locator code execution
[44704] Microsoft Host Integration Server SNA RPC code execution
[44629] Windows Media Services ActiveX control (nskey.dll) CallHTMLHelp() method buffer overflow
[44466] Symantec VERITAS Storage Foundation for Windows VxSchedService.exe code execution
[44444] Microsoft Visual Studio Masked Edit ActiveX control buffer overflow
[44098] Microsoft Internet Explorer print preview argument code execution
[44097] Microsoft Internet Explorer table layout code execution
[44096] Microsoft Internet Explorer XHTML object code execution
[44095] Microsoft Internet Explorer object access code execution
[44094] Microsoft Internet Explorer uninitialized memory code execution
[44093] Microsoft Internet Explorer uninitialized memory code execution
[44091] Microsoft Excel COUNTRY record value code execution
[44090] Microsoft Excel FORMAT array index code execution
[44089] Microsoft Excel chart AxesSet array index code execution
[44088] Microsoft Excel credential caching unauthorized data access
[44084] Microsoft Image Color Management InternalOpenColorProfile() buffer overflow
[44078] Microsoft Event System index range code execution
[44077] Microsoft Event System user subscriptions code execution
[44069] Microsoft PowerPoint Viewer picture array index memory calculation code execution
[44066] Microsoft PowerPoint Viewer CString object integer overflow
[43950] Microsoft Internet Explorer cookie dot session hijacking
[43869] F-PROT Antivirus Microsoft Office file denial of service
[43676] Microsoft Internet Explorer frame String security bypass
[43663] Microsoft Word record parsing code execution
[43627] Microsoft Crypto API Certificate Revocation List (CRL) information disclosure
[43613] Microsoft Snapshot Viewer ActiveX control code execution
[43467] Microsoft Internet Explorer frame Object security bypass
[43460] Novell Client for Windows NWFS.SYS privilege escalation
[43413] Avaya Messaging Storage Server Windows domain parameters command execution
[43366] Microsoft Internet Explorer location and location.href security bypass
[43354] Microsoft Office WPG image filter buffer overflow
[43353] Microsoft Office BMP image filter buffer overflow
[43352] Microsoft Office PICT bits_per_pixel buffer overflow
[43329] Microsoft Exchange Outlook Web Access HTML cross-site scripting
[43328] Microsoft Exchange Outlook Web Access email fields cross-site scripting
[43180] Microsoft Visual Basic Enterprise Edition vb6stkit.dll buffer overflow
[43155] Microsoft Word unordered list code execution
[43062] VMware COM API for Windows ActiveX control (VmCOM.dll) GuestInfo() method buffer overflow
[42899] Microsoft IIS HTTP request smuggling
[42804] Microsoft Internet Explorer setRequestHeader chunk security bypass
[42692] Microsoft Internet Explorer substringData() buffer overflow
[42690] Microsoft PowerPoint list parsing code execution
[42683] Microsoft WINS network packet source privilege escalation
[42679] Microsoft Outlook Express MHTML information disclosure
[42526] Stunnel Windows privilege escalation
[42416] Microsoft Internet Explorer "
[42359] Novell Client for Windows username buffer overflow
[42338] Microsoft Internet Explorer res:// URI info disclosure
[42307] Microsoft Internet Explorer DisableCachingOfSSLPages weak security
[42301] Microsoft OWA (Outlook Web Access) no-store information disclosure
[42232] Microsoft Internet Explorer ActiveX string concatenation denial of service
[42108] Microsoft Malware Protection Engine data structure denial of service
[42107] Microsoft Malware Protection Engine file denial of service
[42102] Microsoft Publisher object handler code execution
[42100] Microsoft Word malformed CSS code execution
[42099] Microsoft Word .rtf string code execution
[41940] Microsoft HeartbeatCtl ActiveX control buffer overflow
[41934] Microsoft SharePoint Services Picture Source cross-site scripting
[41876] Microsoft Works ActiveX control (WkImgSrv.dll) code execution
[41826] Microsoft Visual InterDev .SLN file Project line buffer overflow
[41476] Microsoft Internet Explorer data stream code execution
[41464] Microsoft Internet Explorer hxvz.dll object code execution
[41462] Microsoft SQL Server memory INSERT statement buffer overflow
[41461] Microsoft SQL Server stored backup file data structure buffer overflow
[41460] Microsoft SQL Server convert() buffer overflow
[41459] Microsoft SQL Server memory page reuse information disclosure
[41452] Microsoft Visio file memory allocation code execution
[41451] Microsoft Visio object header code execution
[41447] Microsoft Project file memory allocation code execution
[41411] Microsoft Internet Explorer setRequestHeader security bypass
[41395] Apple Safari for Windows address bar spoofing
[41388] Apple Safari for Windows .ZIP file code execution
[41380] Microsoft Jet Database Engine Word file buffer overflow
[41338] Microsoft Internet Explorer CreateTextRange method denial of service
[41223] Novell GroupWise Windows client API security bypass
[41156] Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) utility CSuserCGI.exe cross-site scripting
[41154] Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) utility CSuserCGI.exe buffer overflow
[41147] Microsoft Internet Explorer FTP command execution
[41102] Citrix Presentation Server Client for Windows credential information disclosure
[41070] Acronis True Image Echo Group Server Acronis True Image Windows Agent component denial of service
[41057] Microsoft Internet Explorer Java and XML information disclosure
[40932] Symantec Backup Exec for Windows Server Calendar ActiveX control file overwrite
[40926] Symantec Backup Exec for Windows Server Calendar ActiveX control buffer overflow
[40888] Microsoft Office file allocation error code execution
[40887] Microsoft Office Excel file cell parsing code execution
[40884] Microsoft Outlook mailto URI code execution
[40878] Microsoft Excel conditioning formatting code execution
[40877] Microsoft Excel rich text code execution
[40876] Microsoft Excel formula calculation code execution
[40875] Microsoft Excel Style record data code execution
[40874] Microsoft Excel .slk file import code execution
[40873] Microsoft Excel data validation code execution
[40735] Microsoft Internet Explorer danim.dll and lmrt.dll unspecified
[40579] Microsoft Active Directory unspecified denial of service
[40577] Microsoft Internet Explorer files denial of service
[40467] Apple Mac OS X Windows File Sharing unspecified vulnerability
[40400] Microsoft DirectSpeechSynthesis Module ActiveX control buffer overflow
[40319] Microsoft Internet Explorer certificate spoofing
[40316] Microsoft Works Converter section header index table information code execution
[40314] Microsoft Publisher .pub invalid memory index code execution
[40302] Microsoft MN-500 wireless base station configuration file information disclosure
[40286] Microsoft Internet Explorer src attribute denial of service
[40283] Microsoft Internet Explorer style attribute denial of service
[40120] Skype for Windows SkypeFind cross-zone code execution
[40100] Microsoft Word malformed string code execution
[40096] Microsoft Works Converter field length information code execution
[40095] Microsoft Works Converter section length header code execution
[40092] Microsoft Publisher .pub invalid memory reference code execution
[40090] Microsoft Internet Explorer argument data handling code execution
[40089] Microsoft Internet Explorer property method code execution
[40088] Microsoft Internet Explorer HTML layout positioning combination code execution
[40087] Microsoft Internet Explorer multiple ActiveX control denial of service
[40066] Microsoft Word object code execution
[39975] Microsoft Class Package Export Tool clspack.exe buffer overflow
[39773] Microsoft Visual Basic Enterprise Edition .dsr file buffer overflow
[39755] Microsoft Visual InterDev .SLN buffer overflow
[39754] Skype for Windows cross-zone code execution
[39699] Microsoft Excel macro handling code execution
[39576] Novell Client for Windows nicm.sys privilege escalation
[39558] Microsoft FoxServer ActiveX control command execution
[39557] Microsoft Rich Textbox ActiveX control file overwrite
[39235] Microsoft IIS root folders file change notification privilege escalation
[39230] Microsoft IIS HTML encoded ASP code execution
[39209] Microsoft Word wordart denial of service
[39208] Microsoft Office Publisher multiple denial of service
[39158] Apache HTTP Server Windows SMB shares information disclosure
[39113] Apple Mac OS X Microsoft Office Spotlight Importer code execution
[39021] Microsoft Office XML document weak security
[38908] Skype for Windows skype4com URI Handler buffer overflow
[38883] Microsoft Optical Desktop information disclosure
[38826] Microsoft Internet Explorer WPAD information disclosure
[38722] Microsoft DirectX DirectShow WAV and AVI code execution
[38721] Microsoft DirectX DirectShow SAMI code execution
[38716] Microsoft Internet Explorer DHTML object code execution
[38715] Microsoft Internet Explorer element tag code execution
[38714] Microsoft Internet Explorer cloneNode and nodeValue code execution
[38713] Microsoft Internet Explorer ActiveX setExpression code execution
[38697] Wireshark SSCOP dissector denial of service vulnerable Windows version detected
[38696] Wireshark DHCP dissector denial of service vulnerable Windows version detected
[38695] Wireshark IPsec ESP preference parser off-by-one vulnerable Windows version detected
[38694] Wireshark SCSI dissector denial of service vulnerable Windows version detected
[38693] Wireshark NFS dissector buffer overflow vulnerable Windows version detected
[38691] Wireshark SSH dissector denial of service vulnerable Windows version detected
[38690] Wireshark Checkpoint FW-1 dissector format string vulnerable Windows version detected
[38677] Symantec Backup Exec for Windows Server bengine.exe denial of service
[38676] Symantec Backup Exec for Windows Server bengine.exe NULL pointer dereference denial of service
[38499] Microsoft Jet Database Engine MDB file buffer overflow
[38440] Microsoft Forms ActiveX control denial of service
[38434] Novell Client for Windows NWFILTER.SYS privilege escalation
[38432] Microsoft SAFRCFileDlg.RASetting ActiveX control buffer overflow
[38431] Windows Live Messenger connection detected
[38430] Microsoft Office Web Component OWC11.DataSourceControl ActiveX denial of service
[38336] Microsoft Internet Explorer DNS same-origin policy security bypass
[38324] Microsoft Outlook and Outlook Express URI handling command execution
[38292] Microsoft Sysinternals DebugView privilege escalation
[37261] Microsoft Internet Explorer .exe file download warning bypass
[37236] Microsoft SQL Slammer patch not installed
[37230] Microsoft SQL Server MS00-092 patch not installed
[37229] Microsoft SQL Server MS02-043 patch not installed
[37228] Microsoft SQL Server MS02-034 patch not installed
[37223] Microsoft ActiveSync weak XOR encryption
[37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
[37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
[37044] Microsoft Expression Media password information disclosure
[37035] Microsoft Visual FoxPro FPOLE.OCX ActiveX FoxDoCmd command execution
[36982] Windows Live Messenger shared image files buffer overflow
[36981] Symantec Veritas Backup Exec client for Windows Servers unspecified
[36953] Microsoft DirectX Media SDK traffic detected
[36848] Microsoft Internet Explorer OnKeyDown information disclosure
[36818] Microsoft Internet Explorer address bar spoofing
[36817] Microsoft Internet Explorer script error code execution
[36801] Microsoft Word document workspace code execution
[36715] Microsoft Internet Security and Acceleration (ISA) Server SOCKS4 information disclosure
[36572] Microsoft Visual Studio PDWizard ActiveX control code execution
[36571] Microsoft Visual Studio VB To VSI Support Library ActiveX control file overwrite
[36562] Microsoft Visual Basic .VBP file buffer overflow
[36554] Wireshark NTP dissector format string vulnerable Windows version detected
[36553] Wireshark NCP NMAS and NDPS dissector off-by-one vulnerable Windows version detected
[36552] Wireshark MOUNT dissector denial of service vulnerable Windows version detected
[36550] Wireshark XML dissector format string vulnerable Windows version detected
[36549] Wireshark MQ dissector format string vulnerable Windows version detected
[36547] Wireshark ANSI MAP dissector format string vulnerable Windows version detected
[36546] Wireshark GSM BSSMAP dissector denial of service vulnerable Windows version detected
[36537] Microsoft MSN Messenger video request detected
[36509] Microsoft SQL Server sqldmo.dll ActiveX buffer overflow
[36496] Microsoft Visual FoxPro FPOLE.OCX ActiveX control buffer overflow
[36494] Microsoft Internet Explorer saved pages cross-site scripting
[36455] HTML Microsoft Agent ActiveX detected
[36351] Microsoft Internet Explorer with SeaMonkey command execution
[36314] Microsoft MSN Messenger video conversations buffer overflow
[36302] XAMPP for Windows unspecified privilege escalation
[36128] Microsoft Internet Explorer position:relative HTML style code denial of service
[36073] Apple Safari for Windows download weak security
[36032] Cisco VPN Client for Windows cvpnd.exe privilege escalation
[36029] Cisco VPN Client for Windows Dial-up Networking Interface privilege escalation
[36027] Microsoft Internet Explorer ActiveX popup blocker denial of service
[36003] Microsoft Internet Explorer Netscape command execution
[35974] Microsoft Internet Explorer FTP username and password information disclosure
[35970] Microsoft DirectX Media SDK DXSurface.LivePicture.FLashPix.1 (DXTLIPI.DLL) ActiveX control buffer overflow
[35855] Microsoft Register Server DLL file denial of service
[35815] Microsoft Excel index value attributes code execution
[35764] Microsoft Message Queuing Service buffer overflow
[35759] Microsoft Internet Explorer pdwizard.ocx code execution
[35755] Microsoft Internet Explorer tblinf32.dll code execution
[35752] Microsoft Agent ActiveX control buffer overflow
[35749] Microsoft Internet Explorer CSS string code execution
[35579] Sun Java System Application Server Windows source disclosure
[35492] Microsoft DirectX Targa buffer overflow
[35455] Microsoft Internet Explorer Zone domain name denial of service
[35421] Microsoft Internet Explorer document.open address bar spoofing
[35346] Microsoft Internet Explorer FirefoxURL command execution
[35315] Microsoft Internet Explorer history.length information disclosure
[35217] Microsoft Excel Workspace designation code execution
[35215] Microsoft Excel active worksheet code execution
[35213] Microsoft Office Web Components DataSourceControl object code execution
[35212] Microsoft Office Web Components Spreadsheet object code execution
[35210] Microsoft Excel version code execution
[35197] Microsoft Internet Information Services URL parser buffer overflow
[35195] Microsoft XML Core Services (MSXML) memory request code execution
[35182] Microsoft Virtual PC and Virtual Server guest operating system buffer overflow
[35163] Microsoft Internet Explorer file: URI information disclosure
[35153] Microsoft Internet Explorer FTP implementation information disclosure
[35132] Microsoft Excel sheet name buffer overflow
[35118] Nessus Windows GUI cross-site scripting
[35064] Microsoft MSN Messenger SIP weak security
[34989] Microsoft Internet Explorer resource:// information disclosure
[34867] Microsoft Internet Explorer IDN authentication dialog spoofing
[34849] Microsoft Office MSODataSourceControl ActiveX control buffer overflow
[34755] Microsoft Internet Explorer Outlook Express Address Book object denial of service
[34754] Microsoft Internet Explorer MSHtmlPopupWindow object denial of service
[34720] Microsoft FrontPage Personal Web Server CERN Image Map Dispatcher buffer overflow
[34719] Microsoft FrontPage CERN Image Map Dispatcher information disclosure
[34705] Microsoft Internet Explorer location URL spoofing
[34696] Microsoft Internet Explorer page update cross-domain security bypass
[34650] Microsoft Internet Explorer Javascript src attribute denial of service
[34639] Microsoft .NET Framework JIT Compiler service buffer overflow
[34638] Microsoft .NET Framework NULL byte termination information disclosure
[34637] Microsoft .NET Framework PE Loader service buffer overflow
[34632] Microsoft Internet Explorer navigation cancel page spoofing
[34630] Microsoft Internet Explorer Speech API ActiveX control code execution
[34626] Microsoft Internet Explorer uninitialized object code execution
[34621] Microsoft Internet Explorer multiple language packs code execution
[34619] Microsoft Internet Explorer CSS tag code execution
[34610] Microsoft Visio compressed document packaging code execution
[34607] Microsoft Visio version number code execution
[34600] Microsoft VDT Database Designer VDT70.DLL ActiveX control buffer overflow
[34476] Microsoft Visual Basic Company Name buffer overflow
[34475] Microsoft Visual Basic project detail buffer overflow
[34473] Microsoft Office 2000 ActiveX control buffer overflow
[34434] Microsoft IIS Hit-highlighting security bypass
[34418] Microsoft Internet Information Server (IIS) AUX/.aspx denial of service
[34343] Microsoft SharePoint Server default.aspx PATH_INFO cross-site scripting
[33993] VMware Workstation Windows guest debugging unspecified
[33978] Microsoft Internet Explorer LF response splitting
[33915] Microsoft Excel autofilter code execution
[33914] Microsoft Excel placeholder data code execution
[33913] Microsoft Excel BIFF file format buffer overflow
[33908] Microsoft Office drawing object code execution
[33901] Microsoft Word RTF parsing code execution
[33899] Microsoft Word function call code execution
[33890] Microsoft Exchange IMAP command denial of service
[33889] Microsoft Exchange MIME base64 code execution
[33888] Microsoft Exchange iCal MODPROPS denial of service
[33887] Microsoft Exchange UTF character set cross-site scripting
[33715] Microsoft Internet Explorer unspecified JavaScript denial of service
[33713] Microsoft Word 2007 multiple unspecified denial of service
[33712] Microsoft Word 2007 wwlib.dll buffer overflow
[33673] CA ARCserve Backup for Windows detected
[33478] Multiple vendor image viewers for Windows BMP buffer overflow
[33447] Microsoft security updates not available for version of Microsoft Data Access Components
[33446] Microsoft security updates not available for Microsoft Internet Explorer version
[33415] Microsoft Internet Explorer JavaScript DNS pinning code execution
[33355] Microsoft Internet Explorer msauth.dll code execution
[33317] Microsoft Internet Explorer UTF-7 encoded URL cross-site scripting
[33265] Microsoft Agent ActiveX control Character.Load() code execution
[33256] Microsoft Internet Explorer HTML object freed memory code execution variant
[33255] Microsoft Internet Explorer HTML object freed memory code execution
[33254] Microsoft Internet Explorer CSS text style code execution
[33253] Microsoft Internet Explorer HTML object uninitialized array member code execution
[33252] Microsoft Internet Explorer chtskdic.dll COM object code execution
[33041] Microsoft Excel XML and XLS file denial of service
[33039] Microsoft Office WMF file denial of service
[32939] Microsoft Internet Explorer resizeTo denial of service
[32907] Microsoft Xbox 360 hypervisor code execution
[32906] Microsoft Xbox 360 hypervisor security bypass
[32831] Microsoft Internet Explorer BrowseDialog ActiveX control denial of service
[32769] Microsoft Publisher .pub file memory validation code execution
[32754] Citrix Presentation Server Client for Windows ICA code execution
[32739] Microsoft Capicom Certificates ActiveX control code execution
[32737] Microsoft Content Management Server (MCMS) HTTP request cross-site scripting
[32736] Microsoft Content Management Server (MCMS) HTTP GET code execution
[32649] Microsoft Internet Explorer onUnload handler URL spoofing
[32647] Microsoft Internet Explorer onUnload handler denial of service
[32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
[32503] Microsoft Word document malformed string code execution
[32457] Microsoft Internet Explorer getElementById denial of service
[32454] Microsoft Visual Studio time functions denial of service
[32427] Microsoft Internet Explorer COM ActiveX object code execution
[32404] Microsoft Knowledge Base Article 905495 is not installed
[32403] Microsoft Knowledge Base Article 905414 is not installed
[32178] Microsoft Office Excel malformed record code execution
[32106] Microsoft Internet Explorer COM object code execution
[32100] Microsoft Internet Explorer FTP response code execution
[32097] Microsoft Word drawing object code execution
[32096] Microsoft Word macro code execution
[32095] Microsoft Internet Explorer COM object code execution
[32089] Microsoft Fronpage Extensions directory /_vti_log/ present
[32078] Microsoft Fronpage Extensions directory /_vti_bin/ present
[32076] Microsoft Frontpage Extensions directory /_vti_pvt/ present
[32074] Microsoft IIS iissamples directory present
[32020] Fullaspsite Asp Hosting Sitesi windows.asp SQL injection
[31914] Telestream Flip4Mac Windows Media Components for QuickTime WMV file code execution
[31867] Microsoft Internet Explorer ActiveX multiple properties denial of service
[31840] Microsoft Exchange Server detected
[31834] Microsoft Word document function code execution
[31814] Microsoft Internet Explorer IFRAME file URI denial of service
[31675] Microsoft Internet Explorer BrowseDialog ActiveX control denial of service
[31665] Microsoft Visual Studio .rc file buffer overflow
[31644] Microsoft IIS Web server access.cnf file detected
[31643] Microsoft HTML Help Workshop .HPJ files buffer overflow
[31642] Microsoft IIS Web server service.cnf file detected
[31638] Microsoft IIS Web server svcacl.cnf file detected
[31630] Microsoft Internet Information Services IISAdmin directory detected
[31555] Microsoft HTML Help Workshop .CNT files buffer overflow
[31549] Microsoft Internet Explorer CCRP Folder Treeview ActiveX control denial of service
[31358] Microsoft XML Core Services IFRAME code execution
[31287] Microsoft Internet Explorer VML record buffer overflow
[31284] Adobe Acrobat detected on Windows system
[31208] Microsoft Excel Palette record buffer overflow
[31207] Microsoft Excel column record buffer overflow
[31206] Microsoft Excel string buffer overflow
[31205] Microsoft Excel malformed record buffer overflow
[31204] Microsoft Excel IMDATA record buffer overflow
[31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
[31188] Microsoft Outlook Finder.exe .oss file buffer overflow
[31187] Microsoft Outlook email long header denial of service
[31186] Microsoft Outlook .iCal meeting request VEVENT buffer overflow
[31127] Microsoft Antivirus engine pdf buffer overflow
[31011] Microsoft Internet Information Services IUSR_Machine command execution
[30959] Microsoft Outlook ole32.dll ActiveX denial of service
[30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
[30885] Microsoft Word pointer code execution
[30806] Microsoft Word data structure code execution
[30738] Microsoft Word data string code execution
[30712] Novell Client for Windows SRVLOC.SYS component denial of service
[30609] Microsoft OLE Dialog component code execution
[30603] Microsoft Internet Explorer TIF folder OBJECT tag information disclosure
[30602] Microsoft Internet Explorer TIF folder drag and drop information disclosure
[30601] Microsoft Internet Explorer DHTML script code execution
[30600] Microsoft Internet Explorer script error handling code execution
[30596] Microsoft Step-by-Step Interactive Training bookmark link buffer overflow
[30220] Microsoft Internet Explorer Phishing Filter active
[30168] Microsoft Internet Explorer ieframe.dll certificate spoofing
[30004] Microsoft XMLHTTP ActiveX control code execution
[29945] Microsoft Agent .ACF file buffer overflow
[29915] Microsoft Visual Studio WmiScriptUtils.dll code execution
[29860] Microsoft .NET Framework request filtering insecure
[29837] Microsoft Internet Explorer ADODB.Connection code execution
[29827] Microsoft Internet Explorer Popup Address bar spoofing
[29750] Microsoft Active Directory unauthorized login attempt rejected
[29749] Microsoft Active Directory security audit setup failed
[29748] Microsoft Active Directory security attributes changed
[29747] Microsoft Active Directory Security Descriptor Propagator terminated
[29746] Microsoft Active Directory addition of replication link success
[29745] Microsoft Active Directory addition of replication link failed
[29744] Microsoft Active Directory replication connection created
[29742] Microsoft Active Directory object operation performed
[29741] Microsoft Active Directory outbound replication disabled
[29740] Microsoft Active Directory host not global catalog server
[29737] Microsoft Active Directory maximum LDAP connections reached
[29736] Microsoft Active Directory inbound replication disabled
[29735] Microsoft Active Directory calculate security descriptor failed
[29733] Microsoft Active Directory write security descriptor failed
[29731] Microsoft Active Directory object operation failed
[29730] Microsoft Active Directory right grant attempt failed
[29729] Microsoft Active Directory domain controller removal failed
[29728] Microsoft Active Directory SID inherit attempt failed
[29726] Microsoft Active Directory domain removed from enterprise
[29725] Microsoft Active Directory database initialization failure
[29724] Microsoft Active Directory certificate rejected, not trusted
[29722] Microsoft Active Directory certificate replication access rejected
[29713] Microsoft Internet Information Server MS01-026 patch is not installed
[29680] Microsoft Internet Information Server MS01-044 patch is not installed
[29670] Microsoft Internet Explorer 7 is installed
[29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
[29462] ISA Server Windows Out-Of-Band attack detected
[29242] Microsoft Excel COLINFO code execution
[29239] Microsoft Excel Lotus 1-2-3 file buffer overflow
[29238] Microsoft Excel DATETIME buffer overflow
[29234] Microsoft PowerPoint bit record code execution
[29233] Microsoft PowerPoint data record code execution
[29232] Microsoft PowerPoint object pointer code execution
[29225] Microsoft PowerPoint unspecified .ppt file code execution
[29224] Microsoft Word mail merge file code execution
[29216] Microsoft Office Smart Tag code execution
[29215] Microsoft Word malformed string code execution
[29213] Microsoft Office malformed record code execution
[29212] Microsoft Office malformed chart record code execution
[29210] Microsoft XML Core Services XLST buffer overflow
[29209] Microsoft Office malformed string code execution
[29206] Microsoft XML Core Services XMLHTTP information disclosure
[29199] Microsoft Internet Explorer layout combinations code execution
[29135] Microsoft Internet Explorer CSS HTML INPUT DIV element denial of service
[29092] Microsoft Visual Basic msgbox unspecified
[29004] Microsoft Internet Explorer VML buffer overflow
[28942] Microsoft Internet Explorer DirectAnimation keyframe buffer overflow
[28893] Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow variant
[28775] Microsoft Word unspecified memory corruption code execution
[28658] Microsoft ASP.NET Framework HTTP cross-site scripting
[28651] Microsoft Indexing Service cross-site scripting
[28650] Microsoft Office PICT image filter code execution
[28648] Microsoft Publisher .pub file malformed string code execution
[28647] Microsoft Office EPS filter code execution
[28608] Microsoft Internet Explorer daxctle.ocx denial of service
[28559] Proventia Server for Windows is installed
[28532] AK-Systems Windows Terminal unauthorized VNC access
[28522] Microsoft Internet Explorer HTTP 1.1 compression long URL buffer overflow
[28516] Microsoft Internet Explorer multiple COM object color property denial of service
[28511] Microsoft Internet Explorer multiple Visual Studio COM object denial of service
[28444] Microsoft Internet Explorer tsuserex.dll COM object denial of service
[28439] Microsoft Internet Explorer msoe.dll COM object denial of service
[28438] Microsoft Internet Explorer chtskdic.dll COM object denial of service
[28436] Microsoft Internet Explorer imskdic.dll COM object denial of service
[28336] Symantec VERITAS Backup Exec for Windows Server RPC interface buffer overflow
[28068] Microsoft Internet Explorer deleted frame access denial of service
[28066] Microsoft Internet Explorer ADODB.Recordset ActiveX object denial of service
[28046] Microsoft Internet Explorer NDFXArtEffects ActiveX object denial of service
[28043] Microsoft Internet Explorer HTML rendering code execution
[28042] Microsoft Internet Explorer Window location information disclosure
[28040] Microsoft Internet Explorer cross-domain code execution
[28039] Microsoft Internet Explorer ActiveX COM object code execution
[28037] Microsoft Internet Explorer chained CSS code execution
[28034] Microsoft Internet Explorer HTML layout code execution
[28025] Microsoft PowerPoint BIFF file format malformed record code execution
[28023] Microsoft Visual Basic for Applications (VBA) document property buffer overflow
[27932] Microsoft Internet Explorer native function iteration denial of service
[27931] Microsoft Internet Explorer Forms.ListBox.1 and Forms.ComboBox.1 ActiveX object denial of service
[27930] Microsoft Internet Explorer ASFSourceMediaDescription ActiveX object denial of service
[27929] Microsoft Internet Explorer Internet.HHCtrl ActiveX object denial of service
[27900] Microsoft Internet Explorer wininet.dll denial of service
[27890] Microsoft Internet Explorer href title denial of service
[27884] Microsoft Internet Explorer CEnroll ActiveX object denial of service
[27854] Microsoft IIS ASP cache virtual server information disclosure
[27845] Microsoft Internet Explorer OVCtl ActiveX object denial of service
[27833] Microsoft ISA file extension security bypass
[27804] Microsoft Internet Explorer WebViewFolderIcon ActiveX object code execution
[27803] Microsoft Internet Explorer DataSourceControl ActiveX object denial of service
[27795] Microsoft Works wksss.exe denial of service
[27794] Microsoft Works wksss.exe buffer overflow
[27783] Microsoft PowerPoint powerpnt.exe unspecified vulnerability
[27782] Microsoft PowerPoint unspecified memory corruption
[27781] Microsoft PowerPoint unspecified mso.dll code execution
[27762] Microsoft Internet Explorer DXImageTransform.Microsoft.Gradient ActiveX object denial of service
[27761] Microsoft Internet Explorer MHTMLFile ActiveX object denial of service
[27760] Microsoft Internet Explorer FolderItem control denial of service
[27740] Microsoft PowerPoint mso.dll malformed shape code execution
[27713] Microsoft Internet Explorer RevealTrans ActiveX object denial of service
[27675] Microsoft Internet Explorer TriEditDocument ActiveX object denial of service
[27653] Microsoft Excel Asian language editions Style and Repair buffer overflow
[27649] Microsoft Internet Explorer HtmlDlgSafeHelper ActiveX object denial of service
[27626] Microsoft Word hlink.dll buffer overflow
[27623] Microsoft Internet Explorer Object.Microsoft.DXTFilter ActiveX object denial of service
[27622] Microsoft Internet Explorer DirectAnimation.DAUserData ActiveX object denial of service
[27621] Microsoft Internet Explorer RDS.DataControl ActiveX object denial of service
[27617] Microsoft Office mso.dll LsCreateLine() denial of service
[27609] Microsoft Office property field buffer overflow
[27607] Microsoft Office string parsing buffer overflow
[27604] Microsoft Excel cell rebuilding code execution
[27599] Microsoft Internet Explorer OutlookExpress.AddressBook ActiveX object denial of service
[27596] Microsoft Internet Explorer ADODB.Recordset ActiveX object denial of service
[27592] Microsoft Internet Explorer table.frameset appendChild() denial of service
[27573] Microsoft Internet Explorer HTML Help HHCtrl ActiveX control buffer overflow
[27565] Microsoft Internet Explorer StructuredGraphicsControl SourceURL denial of service
[27558] Microsoft Office PNG buffer overflow
[27556] Microsoft Office GIF filter buffer overflow
[27550] Novell GroupWise Windows Client API unauthorized email access
[27544] Microsoft Office Excel SELECTION buffer overflow
[27542] Microsoft Office and Microsoft Works Suite Excel SELECTION buffer overflow
[27466] Microsoft Office and Microsoft Works Suite Excel LABEL buffer overflow
[27464] Microsoft Office Excel FNGROUPCOUNT buffer overflow
[27463] Microsoft Office Excel OBJECT buffer overflow
[27456] Microsoft Internet Explorer HTA SMB file share command execution
[27452] Microsoft Internet Explorer object.documentElement.outer information disclosure
[27450] Microsoft Office Suite Excel COLINFO buffer overflow
[27312] Microsoft Excel embedded Shockwave Flash Object code execution
[27288] Microsoft Internet Explorer ASCII encoded Web filter bypass
[27224] Microsoft Office hlink.dll COM object buffer overflow
[27179] Microsoft Excel unspecified code execution
[26971] Microsoft NetMeeting unspecified memory corruption denial of service
[26817] Microsoft Internet Explorer CSS position denial of service
[26810] Microsoft Internet Explorer mhtml://mid URL buffer overflow
[26808] Microsoft Internet Explorer HTML tag parsing denial of service
[26802] Microsoft ASP.NET Framework App_Code folder information disclosure
[26796] Microsoft Internet Information Services (IIS) ASP buffer overflow
[26784] Microsoft Powerpoint record buffer overflow
[26782] Microsoft Internet Explorer .mht files code execution
[26777] Microsoft Internet Explorer Address bar spoofing
[26774] Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX object code execution
[26768] Microsoft Internet Explorer DXImageTransform.Microsoft.Light ActiveX control code execution
[26766] Microsoft Internet Explorer UTF8 encoded HTML code execution
[26762] Microsoft Internet Explorer nested OBJECT tag memory corruption variant
[26632] Cisco VPN Client for Windows GUI privilege escalation
[26556] Microsoft Word document handling buffer overflow
[26340] Microsoft Infotech Storage System Library (itss.dll) CHM file heap corruption
[26281] Microsoft Internet Explorer mhtml: URL redirection information disclosure
[26233] Microsoft ISA Server log file manipulation
[26118] Microsoft Office 2003 mailto: information disclosure
[26111] Microsoft Internet Explorer modal security dialog box code execution
[26027] Ethereal NetXray/Windows Sniffer buffer overflow
[25978] Microsoft Internet Explorer nested OBJECT tag memory corruption
[25939] HP StorageWorks Secure Path for Windows denial of service
[25852] Microsoft Internet Explorer CSS scrollbar denial of service
[25844] Microsoft Dynamics GP magic number denial of service
[25843] Microsoft Dynamics GP DPS multiple buffer overflows
[25842] Microsoft Dynamics GP DPM multiple buffer overflows
[25841] Microsoft Dynamics GP DPS and DPM IP address buffer overflow
[25840] Microsoft Dynamics GP DPS and DPM string buffer overflow
[25818] Multiple Mozilla products windows.controllers array cross-site scripting
[25678] Microsoft Office document string buffer overflow
[25634] Microsoft Internet Explorer .swf address bar spoofing
[25557] Microsoft Internet Explorer address bar spoofing
[25556] Microsoft Exchange calendar attachment buffer overflow
[25555] Microsoft Internet Explorer navigation method popup security zone bypass
[25552] Microsoft Internet Explorer IOIeClientSite code execution
[25551] Microsoft Internet Explorer Double-Byte Character Set code execution
[25550] Microsoft Exchange Outlook Web Access cross-site scripting
[25547] Microsoft Internet Explorer HTML PRE tag code execution
[25545] Microsoft Internet Explorer COM objects as ActiveX code execution
[25542] Microsoft Internet Explorer HTML parsing code execution
[25537] Microsoft FrontPage Server Extensions HTML cross-site scripting
[25439] Microsoft .NET ILDASM buffer overflow
[25438] Microsoft .NET ILASM buffer overflow
[25394] Microsoft Internet Explorer HTA file execution
[25392] Microsoft ASP.NET COM and COM+ w3wp.exe denial of service
[25379] Microsoft Internet Explorer createTextRange() code execution
[25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
[25292] Microsoft Internet Exporer mshtml.dll buffer overflow
[25284] Microsoft Internet Explorer HTML CSS null dereference denial of service
[25256] Microsoft Internet Explorer Java VM denial of service
[25229] Microsoft Excel graphic buffer overflow
[25228] Microsoft Excel record buffer overflow
[25227] Microsoft Excel formula size buffer overflow
[25225] Microsoft Excel parsing format file buffer overflow
[25148] Microsoft Visual Studio and Visual InterDev .dbp and .sln DataProject buffer overflow
[25011] Microsoft Internet Explorer display adapter JPEG image denial of service
[25009] Microsoft Office routing slip metadata buffer overflow
[24923] Microsoft Internet Explorer IsComponentInstalled() buffer overflow
[24846] Microsoft Internet Explorer window.status memory leak denial of service
[24844] Microsoft .asf file detected
[24788] Microsoft Internet Explorer Script Engine stack denial of service
[24648] Microsoft Internet Explorer drag and drop event file downloading variant
[24629] BlackBerry Enterprise Server Attachment Service Microsoft Word file buffer overflow
[24490] Microsoft PowerPoint TIFF information disclosure
[24487] Microsoft Internet Explorer WMF image code execution
[24481] Microsoft HTML Help Workshop .hhp file buffer overflow
[24379] Microsoft Internet Explorer ActiveX kill bit settings can be bypassed
[24346] Microsoft Office \BaseNamedObjects\Mso97SharedDg denial of service
[24188] Microsoft Visual Studio project.dsp code execution
[24162] Microsoft Internet Explorer invalid IMG and XML element denial of service
[24116] Microsoft Visual Studio UserControl.Load code execution
[24089] Avira Desktop for Windows ACE filename buffer overflow
[24061] Symantec Norton SystemWorks NProtect directory is hidden from Windows APIs
[23895] Microsoft Internet Explorer HTML denial of service
[23706] Microsoft MSN Messenger and Internet Explorer image denial of service
[23571] Microsoft Internet Explorer cssText information disclosure
[23537] Microsoft Excel msvcrt.memmove() buffer overflow
[23451] Microsoft Internet Explorer HTTPS proxy authentication information disclosure
[23448] Microsoft Internet Explorer download dialog box code execution
[23129] Microsoft Outlook Express news server information disclosure
[22878] Microsoft Exchange Server and Outlook TNEF overflow
[22852] Microsoft Internet Explorer mshtmled.dll denial of service
[22474] Microsoft Internet Explorer colon data manipulation
[22472] Microsoft Internet Explorer ActiveX HTTP request injection
[22413] Microsoft Internet Explorer for Mac OS about: buffer overflow
[22379] Microsoft Internet Explorer Web content controlled cross-site scripting
[22338] Microsoft Internet Information Server WebDAV request source code disclosure
[22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
[22268] Microsoft Log Sink Class ActiveX pkmcore.dll file manipulation
[22183] Microsoft Exchange Server 2003 public folder denial of service
[22155] Microsoft Knowledge Base Article 896688 is not installed
[22073] Microsoft Knowledge Base Article 903235 is not installed
[22072] Microsoft Knowledge Base Article 899587 is not installed
[22071] Microsoft Knowledge Base Article 896428 is not installed
[22069] Microsoft Knowledge Base Article 890859 is not installed
[22068] Microsoft Knowledge Base Article 890046 is not installed
[22042] Microsoft Internet Explorer command execution
[21955] Microsoft Internet Information Server SERVER_NAME request spoofing
[21930] Microsoft Internet Explorer URL restricted zone denial of service
[21702] Microsoft Internet Explorer Web Folder Behaviors zone bypass
[21701] Microsoft Internet Explorer JPEG image buffer overflow
[21660] Microsoft ActiveSync brute force allows attacker to guess equipment IDs
[21658] Microsoft ActiveSync multiple request denial of service
[21553] Microsoft Internet Explorer AJAX denial of service
[21537] Microsoft FrontPage style tag denial of service
[21455] MSN (Microsoft Network) Messenger .pif denial of service
[21352] Microsoft ASP.NET RCP/encoded denial of service
[21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
[21307] Microsoft Internet Explorer multiple COM object code execution
[21271] Microsoft Word font buffer overflow
[21193] Microsoft Internet Explorer javaprxy.dll buffer overflow
[21100] Microsoft Internet Explorer popup obtain information
[21071] Microsoft Internet Explorer BMP memory denial of service
[21025] Microsoft ISA Server SecureNAT client configuration denial of service
[20975] Microsoft Internet Explorer allows script code modification
[20967] Microsoft Exchange Outlook Web Access cross-site scripting
[20843] Microsoft ISA Server Netbios bypass policy
[20842] Microsoft ISA Server HTTP header cache poisoning
[20831] Microsoft Agent character spoof
[20830] Microsoft Outlook Express NNTP Response Parsing buffer overflow
[20693] Microsoft ASP.NET Framework SQL injection
[20692] Microsoft ASP.NET Framework full path disclosure
[20683] Microsoft Word .mcw file buffer overflow
[20617] Microsoft Internet Explorer information bar security bypass
[20409] Microsoft ASP.NET Framework ViewState replay
[20408] Microsoft ASP.NET Framework _VIEWSTATE denial of service
[20080] Oracle Forms Query/Where Windows popup SQL injection
[20026] Microsoft Outlook and Outlook Web Access email client address spoofing
[19950] MSN (Microsoft Network) Messenger GIF image code execution
[19914] Microsoft Jet Database msjet40.dll library buffer overflow
[19875] Microsoft Knowledge Base Article 893066 is not installed
[19842] Microsoft Internet Explorer Content Advisor buffer overflow
[19841] Microsoft Internet Explorer URL buffer overflow
[19831] Microsoft Internet Explorer DHTML object buffer overflow
[19828] Microsoft Word document buffer overflow
[19716] Microsoft Office InfoPath form information disclosure
[19629] Microsoft Exchange Server 2003 folder denial of service
[19461] Microsoft Office applications information disclosure
[19452] Microsoft Internet Explorer title bar spoofing
[19373] Microsoft Internet Explorer and Outlook Express status bar spoofing
[19252] Microsoft Knowledge Base Article 890261 is not installed
[19225] Microsoft Outlook Web Access owalogon.asp script URL redirect
[19214] Microsoft Internet Explorer file URL encode
[19141] Microsoft Knowledge Base Article 867282 is not installed
[19137] Microsoft Internet Explorer Channel Definition Format code execution
[19133] Microsoft DHTML method buffer overflow
[19121] Microsoft Pocket Internet Explorer (PIE) URL Unicode spoofing
[19118] Microsoft Knowledge Base Article 890047 is not installed
[19117] Microsoft Internet Explorer drag and drop event file downloading
[19116] Microsoft Knowledge Base Article 891781 is not installed
[19112] Microsoft Knowledge Base Article 873352 is not installed
[19111] Microsoft Knowledge Base Article 888113 is not installed
[19107] Microsoft Office XP URL buffer overflow
[19106] Microsoft Knowledge Base Article 873333 is not installed
[19102] Microsoft Knowledge Base Article 885834 is not installed
[19095] Microsoft Knowledge Base Article 888302 is not installed
[19092] Microsoft Knowledge Base Article 887981 is not installed
[19090] Microsoft Knowledge Base Article 885250 is not installed
[18944] Microsoft Knowledge Base Article 886185 is not installed
[18936] Microsoft Internet Explorer file exisitence
[18897] Microsoft Internet Explorer bypass file download warning
[18770] Microsoft Knowledge Base Article 890175 is not installed
[18769] Microsoft Knowledge Base Article 887219 is not installed
[18723] Microsoft Internet Explorer FTP arbitrary file creation
[18504] Microsoft Internet Explorer DHTML bypass cross-domain security model
[18489] Cisco Unity integrated with Microsoft Exchange has default user accounts
[18444] Microsoft Internet Explorer could allow an attaker to bypass popup blocking
[18442] Microsoft SharePoint Portal Server could allow an attacker to obtain password
[18395] Microsoft Internet Explorer sysimage obtain information
[18389] Microsoft Exchange Server SMTP buffer overflow
[18388] Microsoft Exchange Server SMTP integer overflow
[18311] Microsoft Internet Explorer save file caused by the Related Topics command of the Help ActiveX Control
[18269] Microsoft Internet Explorer Save Picture As spoofing
[18189] Altiris Deployment Agent for Windows allows elevated privileges
[18181] Microsoft Internet Explorer execCommand bypass download warnings
[18073] Microsoft Internet Explorer path cookie overwrite
[18020] Microsoft Internet Explorer status bar spoofing
[17989] Microsoft Internet Explorer open window allows attacker to obtain information
[17938] Microsoft Internet Explorer A HREF status bar spoofing
[17936] Cisco Secure ACS for Windows and Solution Engine EAP-TLS bypass authentication
[17931] Microsoft Internet Explorer mshtml.dll denial of service
[17911] Microsoft Internet Explorer FONT tags denial of service
[17910] Microsoft Internet Explorer Hhctrl.ocx allows cross-domain script injection
[17909] Microsoft Internet Explorer table status bar spoofing
[17907] Microsoft ISA Server and Proxy Server Patch MS04-039 is not installed
[17906] Microsoft ISA Server and Proxy Server allow Web site spoofing caused by cache reverse lookup results
[17889] Microsoft Internet Explorer IFRAME SRC NAME buffer overflow
[17868] Microsoft Remote Desktop Tsshutdn command restart
[17828] Microsoft Outlook base64 image file bypass security
[17826] Microsoft Outlook 2003 CID security bypass
[17824] Microsoft Internet Explorer AnchorClick command execution
[17820] Microsoft Internet Explorer bypass Drag and Drop or copy and paste files security setting
[17746] Microsoft Internet Explorer URL address spoofing
[17739] Microsoft FrontPage and Internet Explorer asycpict.dll JPEG denial of service
[17683] Microsoft Excel MS04-033 patch is not installed
[17656] Microsoft Internet Information Server MS04-030 patch is not installed
[17655] Microsoft Internet Explorer plug-in navigation allows address bar spoofing
[17654] Microsoft Internet Explorer cache from SSL Web sites obtain information
[17653] Microsoft Excel allows code execution
[17652] Microsoft Internet Explorer Double Byte Character Set spoof Web site to obtain information
[17651] Microsoft Internet Explorer MS04-038 patch is not installed
[17650] Microsoft Internet Explorer allows unauthorized access to XML documents
[17645] Microsoft Internet Information Server WebDAV multiple attributes per XML elements cause denial of service
[17644] Microsoft ASP.NET Framework bypass security
[17635] Microsoft Word improper file parsing buffer overflow
[17620] Microsoft Internet Explorer InstallEngineCtl SetCifFile buffer overflow
[17542] Microsoft SQL Server data buffer denial of service
[17479] Windows Mite backdoor
[17408] MyWaySpeedBar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17407] DealHelper attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17402] zSearch attaches to processes of Microsoft Internet Explorer
[17395] AdButler spyware attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[17340] Microsoft Word Perfect MS04-027 patch is not installed
[17306] Microsoft WordPerfect converter long message buffer overflow
[17153] Microsoft System Information (Msinfo32.exe) msinfo_file buffer overflow
[17118] Cisco Secure ACS Windows and Solution Engine CSAdmin bypass authentication
[17116] Cisco Secure ACS Windows and Solution Engine LEAP RADIUS denial of service
[17115] Cisco Secure ACS Windows and Solution Engine CSAdmin HTTP denial of service
[17114] Cisco Secure ACS Windows and Solution Engine CSAdmin TCP denial of service
[17102] Microsoft Internet Explorer IFRAME information disclosure
[17098] Microsoft Outlook Express address information disclosure
[17048] Microsoft ISA Server FTP bounce attack
[17044] Microsoft Internet Explorer dragDrop allows code execution
[17007] Microsoft Internet Explorer address bar spoofing
[16872] Microsoft Internet Information Server (IIS) ActivePerl command execution
[16857] Microsoft Internet Explorer STYLE tag comment buffer overflow
[16805] Microsoft Internet Explorer MS04-025 patch is not installed
[16804] Microsoft Internet Explorer MSHTML.DLL GIF file buffer overflow
[16709] Microsoft Internet Explorer JavaScript denial of service
[16708] Microsoft Outlook Express code execution
[16707] Suspicious or malicious windows registry keys and values exist
[16696] Microsoft Systems Management Server (SMS) Remote Control Client service denial of service
[16692] PHP HTML tags may bypass strip_tag function in Microsoft Internet Explorer and Safari
[16681] Microsoft Internet Explorer function redirect cross-site scripting
[16678] Microsoft Internet Explorer text file denial of service
[16675] Microsoft Internet Explorer popup.show allows attacker to perform actions
[16666] Microsoft Java Virtual Machine sandbox restriction bypass
[16663] Microsoft Word and Outlook Object tag allows unauthorized access
[16656] Microsoft Internet Information Server (IIS) MS04-021 patch is not installed
[16648] Microsoft Internet Explorer Shell.Application
[16624] Microsoft Internet Explorer ADODB.Stream object is not disabled
[16585] Microsoft Outlook Express malformed email header denial of service
[16583] Microsoft Exchange Server OWA could allow remote execution of code
[16578] Microsoft Internet Information Server (IIS) redirect buffer overflow
[16448] Microsoft MN-500 Web administration denial of service
[16443] Microsoft Internet Explorer Wildcard DNS entry cross-site scripting
[16420] Microsoft Internet Explorer null pointer denial of service
[16398] Microsoft Internet Explorer bypass security zone restrictions
[16394] Microsoft Internet Explorer ADODB.Stream object code execution
[16384] Microsoft ISA Server Web Proxy redirect denial of service
[16383] Microsoft ISA Server Basic authentication credentials sent in plain text
[16382] Microsoft ISA Server canonicalization error in Rules engine
[16380] Microsoft ISA Server Web Proxy SSL denial of service
[16361] Microsoft Internet Explorer bypass cross-zone restrictions
[16348] Microsoft Internet Explorer Location: header bypass restrictions
[16306] Microsoft DirectX DirectPlay denial of service
[16205] Microsoft SQL Server buffer overflow exploit attempt detected
[16202] Microsoft Internet Explorer buffer overflow exploit attempt detected
[16201] Microsoft Internet Information Services buffer overflow exploit attempt detected
[16200] Microsoft Exchange Server buffer overflow exploit attempt detected
[16189] Microsoft Internet Explorer CSS denial of service
[16181] Microsoft Visual Basic Command1_Click buffer overflow
[16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
[16168] Microsoft Outlook Express SMTP usernames and passwords disclosure
[16161] Microsoft Internet Explorer browser URL spoofing
[16160] Microsoft Internet Explorer MSHTM.DLL http-equiv META tag denial of service
[16147] Microsoft Internet Explorer showHelp CHM file execution
[16119] Microsoft Outlook 2000 URL spoofing
[16116] Microsoft Outlook VML information disclosure
[16104] Microsoft Outlook 2003 predictable file location could allow code execution
[16102] Microsoft Internet Explorer and Outlook Express A HREF URL spoofing
[16091] Microsoft Internet Explorer file URL could allow an attacker to overwrite registry
[16061] Microsoft Internet Explorer SSL certificate spoofing
[16058] Microsoft Internet Information Server ASP information disclosure
[15906] Microsoft Visual Studio .NET unknown Debugger configuration issue
[15859] Microsoft Outlook email ASCII NUL denial of service
[15853] Microsoft Internet Explorer OLE object unauthorized print job
[15832] Microsoft Internet Explorer IFRAME denial of service
[15809] Microsoft Outlook Express MS04-013 patch is not installed
[15729] Microsoft SharePoint Portal Server cross-site scripting
[15705] Microsoft Outlook Express MHTML URL allows execution of code
[15703] Microsoft Jet Database Engine query could execute code
[15698] Microsoft Internet Explorer and Outlook Express URL FORM spoofing
[15591] Microsoft Visual Studio and Microsoft Visual C++ denial of service
[15544] Microsoft Internet Explorer shell: command denial of service
[15521] MSN (Microsoft Network) Messenger file transfer
[15429] Microsoft Outlook MS04-009 patch is not installed
[15427] Microsoft Network Messenger MS04-010 patch is not installed
[15414] Microsoft Outlook 2002 mailto URL allows execution of code
[15337] Microsoft Internet Explorer cross-frame domain restrictions bypass
[15326] Microsoft Internet Explorer Perfect Nav plugin denial of service
[15210] Microsoft Internet Explorer BMP bitmap image file integer overflow
[15127] Microsoft Internet Explorer and Outlook null character in host name denial of service
[15113] Microsoft Virtual PC for Mac allows elevated privileges
[15078] Microsoft Internet Explorer vb script reports different errors to obtain information
[15006] Microsoft Internet Explorer MS04-004 patch is not installed
[14964] Microsoft Internet Explorer file extension spoofing
[14845] Microsoft Convert.exe converts FAT32 to NTFS files systems insecurely
[14609] ZyncosMark attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14601] WurldMedia attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14594] WinLocator BHO attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14561] spyware VX2.BetterInternet attaches to processes of Microsoft Internet Explorer to obtain information
[14560] VX2.BC777(SiteHlprBHO) attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14537] TopSearch attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14529] Thesten attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14522] Surfairy attaches to processes of Microsoft Internet Explorer and opens advertisements
[14504] ShopNav Hijacker attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14494] SearchWWW attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass security software
[14426] NavExcel attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14425] MyWebSearch Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14424] MyFastAccess Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14422] MSMediaservice attaches to processes of Microsoft Internet Explorer and could allow an attacker to execute code
[14421] MSIEbho-Stub BHO attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14418] MPGCom Toolbar attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14400] Kontiki attaches to processes of Microsoft Internet Explorerand acts as part of the Web browser to bypass software
[14396] JAJsoft.CSRS attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14395] iWon attaches to processes of Microsoft Internet Explorer and could allow a remote attacker to execute code
[14390] IPInsight attaches to processes of Microsoft Internet Explorer and could allow an attacker to execute code
[14389] Invictus MediaUpdate attaches to processes of Microsoft Internet Explorer and could allow an attacker to execute code
[14383] IETop100 attaches to processes of Microsoft Internet Explorer and acts as part of the Web browser to bypass software
[14380] IDGsearch spyware attaches to processes of Microsoft Internet Explorer and could allow execution of code
[14378] IBIS Toolbar attaches to processes of Microsoft Internet Explorer to obtain information
[14374] Httper attaches to processes of Microsoft Internet Explorer and allows execution of code
[14348] Friend Toolbar attaches to processes of Microsoft Internet Explorer
[14342] FindSex attaches to processes of Microsoft Internet Explorer and allows disclosure of information
[14340] FavoriteMan attaches to processes of Microsoft Internet Explorer and may allow execution of code
[14325] emes-x bho attaches to processes of Microsoft Internet Explorer and may allow execution of code
[14316] e2Give attaches to processes of Microsoft Internet Explorer and obtains information
[14314] DyFuCA attaches to processes of Microsoft Internet Explorer and obtains information
[14256] BDSearch Plugin attaches to processes of Microsoft Internet Explorer and may replace the home page
[14252] AutoSearchBHO attaches to processes of Microsoft Internet Explorer
[14243] Alexa spyware attaches to processes of Microsoft Internet Explorer
[14237] Microsoft URLScan Web server information disclosure
[14188] HD Soft Windows FTP Server format string
[14187] Microsoft Data Access Components (MDAC) broadcast request buffer overflow
[14179] Microsoft Data Access Components (MDAC) MS04-003 patch is not installed
[14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
[14177] Microsoft ISA MS04-001 patch is not installed
[14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
[14137] GoodTech Telnet Server for Windows NT/2000/XP long string denial of service
[14130] Microsoft Excel could allow an attacker to bypass the "
[14129] Microsoft Word, Excel, and PowerPoint could allow an attacker to bypass the "
[14128] Microsoft Word could allow an attacker to bypass "
[14127] Microsoft Internet Explorer .lnk shortcuts could allow code execution
[14105] Microsoft Internet Explorer showHelp directory traversal
[14100] Windows Telnet Server username buffer overflow
[14092] Microsoft Internet Explorer "
[14077] Microsoft Internet Information Server (IIS) fails to properly log HTTP TRACK requests
[13975] Microsoft Internet Explorer cache attack allows code execution
[13960] FlashGet stores user passwords in plain text in Windows registry
[13935] Microsoft Internet Explorer domain URL spoofing
[13869] Microsoft Exchange Server OWA could allow unauthorized email account access
[13847] Microsoft Internet Explorer download function cache directory disclosure
[13846] Microsoft Internet Explorer subframe cross-site scripting
[13845] Microsoft Internet Explorer mhtml: URL handler bypass check
[13844] Microsoft Internet Explorer method caching perform actions
[13809] Microsoft Internet Explorer scrollbar-base-color attribute denial of service
[13795] Microsoft SharePoint settings.htm authentication bypass
[13779] Microsoft Internet Explorer HTML injection
[13682] Microsoft Word macro buffer overflow allows execution of code
[13681] Microsoft Excel macro allows attacker to execute code
[13680] Microsoft FrontPage Server Extensions SmartHTML Interpreter denial of service
[13679] Microsoft Internet Explorer drag and drop could allow an attacker to save file to local system
[13678] Microsoft Internet Explorer XML object could allow an attacker to obtain information
[13677] Microsoft Internet Explorer script URLs zone bypass
[13676] Microsoft Internet Explorer function pointer override zone bypass
[13675] Microsoft Internet Explorer ExecCommand zone bypass
[13674] Microsoft FrontPage Server Extensions debug buffer overflow
[13652] Microsoft Data Access Components GET request
[13617] Microsoft Internet Explorer clientCaps behavior could disclose sensitive information
[13588] Microsoft Internet Explorer IFRAME tag could allow an attacker to execute files
[13501] Microsoft Internet Explorer position: absolute denial of service
[13500] Microsoft Word malformed document
[13453] Microsoft Internet Information Server 404 error message determines service pack level
[13433] Microsoft Exchange SMTP extended verb request denial of service
[13432] Microsoft Exchange SMTP extended verb request buffer overflow
[13421] Microsoft Exchange Server OWA Compose New Message form cross-site scripting
[13403] HP OpenView Operations for Windows remote action
[13376] Microsoft Internet Explorer Dynamic HTML behaviors allows an attacker to execute code
[13314] Microsoft Internet Explorer popup window containing Object Data tags could allow an attacker to execute code
[13300] Microsoft Internet Explorer XML Web page containing Object Data tags could allow an attacker to execute code
[13285] Microsoft PowerPoint data manipulation
[13242] Microsoft BizTalk Server insecure permissions in BizTalkServerDocs and BizTalkServerRespository directories allow file upload
[13207] TM-POP3 Server stores user passwords in plain text in Windows registry
[13176] Microsoft Internet Explorer media sidebar could allow an attacker to execute code
[13166] Microsoft Internet Explorer history.back function allows attacker to obtain information from a site loaded in a different frame and domain
[13165] Microsoft Internet Explorer NavigateAndFind function allows an attacker to obtain information and execute code
[13163] Microsoft Internet Explorer window.open function allows an attacker to obtain information and execute code
[13162] Microsoft Internet Explorer history.back function allows an attacker to obtain information and execute code
[13161] Microsoft Internet Explorer allows an attacker to obtain cookies by opening Web site in _search window
[13126] Microsoft ASP.NET could allow an attacker to bypass Request Validation feature
[13116] Microsoft IIS MS03-018 patch is not installed on the system
[13093] Microsoft Access Snapshot Viewer buffer overflow
[13091] Microsoft Office WordPerfect converter buffer overflow
[13090] Microsoft Word could allow an attacker to bypass Macro Security Model
[13088] Microsoft IIS running RealSecure Server Sensor ISAPI plug-in denial of service
[13029] Microsoft Internet Explorer input type tag denial of service
[12970] Microsoft Internet Explorer DBCS Type property of Object tag buffer overflow
[12962] Microsoft Internet Explorer BR549.DLL ActiveX control buffer overflow
[12961] Microsoft Internet Explorer browser cache script injection
[12960] Microsoft Internet Explorer Object Data tags could allow an attacker to execute code
[12959] Microsoft Data Access Components broadcast request buffer overflow
[12914] Microsoft Internet Explorer about:blank page cross-site scripting
[12910] Microsoft Visual Studio MCWNDX ActiveX buffer overflow
[12872] Microsoft NetMeeting malformed packet denial of service
[12783] Microsoft Internet Information Server ASP engine could allow an attacker to upload malicious files
[12704] Microsoft SQL Server named pipe hijack
[12703] Microsoft SQL Server LPC buffer overflow
[12702] Microsoft DirectX MIDI buffer overflows
[12700] Microsoft SQL Server named pipe denial of service
[12687] Microsoft IIS Remote Administration Tool allows attacker to reset administrative password
[12686] Microsoft IIS Remote Administration Tool could allow an attacker to obtain valid session IDs
[12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
[12627] Microsoft ISA homepage function error page cross-site scripting
[12590] Microsoft Internet Explorer window.external.AutoScan function cross-site scripting
[12538] Microsoft Internet Explorer C:\aux URL denial of service
[12532] Microsoft Exchange OWA REFERER header cross-site scripting
[12531] Microsoft Exchange OWA could allow an attacker to execute code
[12530] Microsoft SQL Server CreateFile API function allows attacker to gain privileges
[12512] IglooFTP PRO for Windows FTP banner, Username, Password, and Account functions buffer overflow
[12490] Microsoft NetMeeting "
[12444] Microsoft Internet Explorer HTML conversion library buffer overflow
[12336] Microsoft Internet Explorer Homepage function could allow command execution
[12334] Microsoft Internet Explorer MSXML cross-site scripting
[12249] Microsoft Internet Explorer FTP implementation "
[12193] Microsoft Internet Explorer "
[12184] Microsoft Internet Explorer Type property of Object tag buffer overflow
[12137] Microsoft Internet Explorer URL spoofing
[12100] Microsoft IIS long WebDAV requests containing XML denial of service
[12099] Microsoft IIS Response.AddHeader denial of service
[12098] Microsoft IIS Server-Side Include (SSI) long file name buffer overflow
[12097] Microsoft IIS redirect error cross-site scripting
[12089] Microsoft SQL Server Jet OLE DB Provider is enabled
[12043] Microsoft Internet Explorer Script Engine denial of service
[12019] Microsoft Internet Explorer FRAME or IFRAME bypass restrictions
[11946] Microsoft Internet Explorer anchorClick behavior denial of service
[11918] Microsoft IIS authentication mechanism could allow an attacker to determine valid user account names
[11901] Microsoft BizTalk Server 2002 SQL injection
[11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
[11873] Microsoft Internet Explorer, Outlook, and FrontPage shlwapi.dll library denial of service
[11854] Microsoft Internet Explorer plug-in.ocx Load method buffer overflow
[11849] Microsoft Internet Explorer Modal Dialog could allow an attacker to read files
[11848] Microsoft Internet Explorer improper rendering of third party file types could allow code execution
[11847] Microsoft Internet Explorer File Upload control allows attacker to obtain information
[11846] Microsoft Internet Explorer URLMON.DLL library buffer overflow
[11805] Microsoft Internet Explorer OBJECT tag denial of service
[11776] Microsoft Active Directory insecure permissions on SYSTEM-account
[11752] Microsoft ISA and Proxy Server Firewall and Winsock Proxy service denial of service
[11751] Microsoft VM ByteCode Verifier improper validation of code
[11589] Microsoft ActiveSync "
[11576] Microsoft ISA DNS intrusion detection application filter denial of service
[11537] Microsoft IIS WebDAV service is running on the system
[11533] Microsoft IIS WebDAV long request buffer overflow
[11507] Microsoft Internet Explorer .mht buffer overflow
[11466] Microsoft Internet Explorer embedded HTML EXE file execution
[11430] Microsoft Locator service is running on the system
[11411] Microsoft Outlook CODEBASE value allows remote program execution
[11264] Microsoft Internet Explorer MS03-004 patch is not installed on the system
[11259] Microsoft Internet Explorer showHelp() zone bypass
[11258] Microsoft Internet Explorer dialog box zone bypass
[11250] Microsoft Internet Explorer dragDrop() method could be used to read local files
[11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
[10945] Microsoft Internet Explorer multimedia file URL cross-site scripting
[10943] Gallery Windows XP Publishing feature could be used to execute commands
[10883] Microsoft Internet Explorer Browser Helper Object (BHO) could disclose information
[10833] Microsoft VM JDBC APIs could allow unauthorized database access
[10822] Microsoft Word and Excel stores ODBC passwords and usernames in plain text
[10809] Microsoft Internet Explorer MS02-068 patch is not installed on the system
[10798] Microsoft Internet Explorer dialog window style parameter can access a user`s local security zone
[10763] Microsoft Outlook malformed email header denial of service
[10760] Microsoft RDS has been enabled on the system
[10732] Sun Solaris OpenWindows mailtool(1) denial of service
[10723] SSH Windows client URL buffer overflow
[10674] Microsoft Internet Explorer IFRAME dialogArguments object can access a user`s local security zone
[10670] Microsoft Data Access Components (MDAC) MS02-065 patch is not installed
[10669] Microsoft Data Access Components RDS Data Stub client heap buffer overflow
[10665] Microsoft Internet Explorer OBJECT tag could be used to read TIF folder name
[10662] Microsoft Internet Explorer PNG inflate_fast() buffer overflow
[10659] Microsoft Data Access Components RDS Data Stub server heap buffer overflow
[10590] Microsoft Internet Information Server (IIS) MS02-062 patch
[10588] Microsoft VM HTML Applet tag denial of service
[10587] Microsoft VM passed HTML object denial of service
[10586] Microsoft VM CabCracker class could allow an attacker to load .cab archives
[10585] Microsoft VM StandardSecurityManager class restriction bypass
[10584] Microsoft VM Java Applet codebase tag could be used to read files
[10583] Microsoft VM INativeServices could be used to access clipboard contents
[10582] Microsoft VM INativeServices could allow unauthorized memory access
[10581] Microsoft VM Java Applet could disclose path to current directory
[10580] Microsoft VM Java Applet class loader buffer overflow
[10579] Microsoft VM URL redirect cross-domain Java Applet execution
[10542] Microsoft SQL Server login accounts use weak encryption algorithm
[10535] EventSave and EventSave+ could allow event loss from the Windows NT log
[10504] Microsoft IIS script source access could be bypassed to upload .COM files
[10503] Microsoft IIS WebDAV memory allocation denial of service
[10502] Microsoft IIS out-of-process applications could be used to gain elevated privileges
[10501] Microsoft IIS administrative Web pages cross-site scripting
[10500] Microsoft Outlook Express fails to delete messages from dbx files
[10459] Microsoft Internet Explorer could allow an attacker to bypass cookie restrictions
[10443] Microsoft Internet Explorer saved "
[10440] Microsoft Internet Explorer clipboardData cached object DOM access
[10439] Microsoft Internet Explorer execCommand cached object DOM access
[10438] Microsoft Internet Explorer getElementsByTagName cached object DOM access
[10437] Microsoft Internet Explorer getElementsByName cached object DOM access
[10436] Microsoft Internet Explorer getElementById cached object DOM access
[10435] Microsoft Internet Explorer elementFromPoint cached object DOM access
[10434] Microsoft Internet Explorer createRange cached object DOM access
[10433] Microsoft Internet Explorer external cached object DOM access
[10432] Microsoft Internet Explorer showModalDialog cached object DOM access
[10388] Microsoft SQL Server Web tasks could allow elevated privileges
[10371] Microsoft Internet Explorer oIFrameElement.Document cross-domain script execution
[10370] Microsoft IIS HTTP HOST header denial of service
[10342] Microsoft TSAC ActiveX connect.asp cross-site scripting
[10338] Microsoft Outlook Express S/MIME certificate buffer overflow
[10318] Microsoft Content Management Server (MCMS) ManualLogin.asp REASONTXT cross-site scripting
[10294] Microsoft IIS .idc extension error message cross-site scripting
[10290] Microsoft Internet Explorer saved "
[10259] Microsoft Services for Unix (SFU) invalid RPC packet denial of service
[10258] Microsoft Services for Unix (SFU) RPC parameter size buffer overflow could crash the server
[10257] Microsoft SQL Server Agent scheduled jobs could create malicious output files
[10255] Microsoft SQL Server Database Consistency Checker (DBCC) buffer overflow
[10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
[10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
[10186] Microsoft Active Data Objects (ADO) buffer overflow
[10184] Microsoft IIS 5.0 resource utilization denial of service
[10180] Microsoft Internet Explorer fails to report an expired SSL CA certificate
[10179] Microsoft Virtual Machine (VM) JDBC class allows access to ODBC data sources
[10158] Microsoft Internet Explorer HTTP redirect bypass restrictions
[10155] Microsoft Word INCLUDEPICTURE field in shared documents can be used to read other files
[10135] Microsoft Virtual Machine (VM) XML methods can be accessed
[10134] Microsoft Virtual Machine (VM) JDBC handle validation could crash Internet Explorer
[10133] Microsoft Virtual Machine (VM) JDBC classes can execute local DLLs
[10119] Microsoft NetMeeting RDS local session hijacking
[10117] Microsoft Internet Explorer FTP URL denial of service
[10067] Microsoft Outlook Express "
[10066] Microsoft Internet Explorer frame/iframe javascript: URL cross-domain script execution
[10044] Cisco VPN Client Windows utility program could decipher the group password
[10039] Microsoft Internet Explorer URL encoded forward-slash "
[10035] Microsoft Visual FoxPro could allow an attacker to execute an application
[10033] Microsoft Outlook Express S/MIME spoofed CA certificate man-in-the-middle attack
[10031] Microsoft SQL Server Resolution Service stack buffer overflow
[10021] Cisco VPN 3000 series concentrators Windows PPTP client denial of service
[10012] Microsoft SQL Server sp_MSSetServerProperties and sp_MSsetalertinfo stored procedures allow "
[10008] Microsoft Word INCLUDETEXT field in shared documents can be used to read other files
[9938] Microsoft Internet Explorer "
[9937] Microsoft Internet Explorer file download origin spoofing
[9936] Microsoft Internet Explorer XML redirect could be used to read files
[9935] Microsoft Legacy Text Formatting ActiveX control buffer overflow
[9934] Microsoft TSAC ActiveX control buffer overflow
[9931] Microsoft Office Web Components MS02-044 patch is not installed on the system
[9909] MySQL logging disabled by default on Windows
[9907] Microsoft FTM ActiveX control could be used by an attacker to upload and download files
[9906] Microsoft FTM ActiveX control "
[9893] Microsoft SQL Server Agent jobs could be used to create and overwrite files
[9886] Microsoft Internet Explorer Java logging could be used to execute code
[9885] Microsoft Internet Explorer XML Datasource applet could be used to read local files
[9883] Microsoft Internet Explorer Google Toolbar search request denial of service
[9881] Microsoft Internet Explorer "
[9877] Microsoft DirectX Files Viewer control buffer overflow
[9857] Microsoft SQL Server XPs with weak permissions could allow elevated privileges
[9848] Microsoft Internet Explorer HTM script execution
[9791] Microsoft Exchange IIS license exhaustion denial of service
[9789] Microsoft Exchange MSRPC denial of service
[9788] Microsoft SQL Server pre-authentication buffer overflow
[9785] Microsoft Content Management Server (MCMS) resource request SQL injection
[9784] Microsoft Content Management Server (MCMS) Web authoring file execution
[9783] Microsoft Content Management Server (MCMS) authentication buffer overflow
[9734] Microsoft SQL Server MDAC OpenRowSet buffer overflow
[9732] Microsoft Office Web Components (OWC) could allow a remote attacker to execute code
[9724] Microsoft Outlook Express could allow the execution of XML files within the Temporary Internet File (TIF) directory
[9667] Microsoft SQL Server MS02-038 patch
[9666] Microsoft SQL Server MS02-039 patch
[9662] Microsoft SQL Server Resolution Service keep-alive function denial of service
[9661] Microsoft SQL Server Resolution Service heap buffer overflow
[9660] Microsoft SQL Server replication stored procedures are vulnerable to SQL Injection
[9659] Microsoft SQL Server Database Consistency Checker (DBCC) utilities have multiple buffer overflows
[9658] Microsoft Exchange Server Internet Mail Connector (IMC) EHLO buffer overflow
[9657] Microsoft Metadirectory Services (MMS) could allow unauthorized access to the data repository
[9653] Microsoft Internet Explorer CTRL key could be used to upload files
[9643] Microsoft Outlook Express malformed MIME headers could allow file type, size, and icon spoofing
[9617] Microsoft Internet Explorer JavaScript page transitions denial of service
[9580] Microsoft IIS SMTP service encapsulated addresses could allow mail relaying
[9537] Microsoft Internet Explorer WebBrowser control OBJECT property could allow cross domain scripting
[9531] Microsoft Internet Explorer CLASSID denial of service
[9529] Microsoft Foundation Class Library ISAPI Buffer Overflow
[9525] Microsoft Outlook PGP plug-in heap buffer overflow could allow remote code execution
[9524] Microsoft SQL Server could store some passwords insecurely
[9523] Microsoft SQL Server service account insecure registry permissions
[9522] Microsoft SQL Server bulk data insert buffer overflow
[9426] Microsoft Commerce Server new variant of AuthFilter ISAPI filter buffer overflow
[9425] Microsoft Commerce Server OWC package installer folder permissions could allow remote command execution
[9424] Microsoft Commerce Server OWC package installer buffer overflow
[9423] Microsoft Commerce Server Profile Service API buffer overflow
[9399] Microsoft Excel XSL Stylesheet allows attacker to execute script code
[9398] Microsoft Excel allows macro execution if opened using hyperlink with drawing shape object
[9397] Microsoft Excel execute inline macros
[9367] Microsoft Internet Explorer Cascading Style-Sheet (CSS) bold font denial of service
[9362] Microsoft Visual Studio .NET (Korean version) includes a Nimda-infected file
[9346] Log Explorer for Microsoft SQL Server xp_logattach buffer overflow
[9345] Microsoft SQL Server pwdencrypt() buffer overflow
[9329] Microsoft SQL Server SQLXML XML tag script injection
[9328] Microsoft SQL Server SQLXML ISAPI buffer overflow
[9327] Microsoft IIS ISAPI HTR chunked encoding heap buffer overflow
[9326] Microsoft RAS phonebook local buffer overflow
[9290] Microsoft Internet Explorer FTP server name cross-site scripting
[9276] Microsoft ASP.NET StateServer buffer overflow
[9247] Microsoft Internet Explorer Gopher client malformed reply buffer overflow
[9195] Microsoft Exchange message attribute denial of service
[9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
[9159] Microsoft Active Directory zero page length denial of service
[9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
[9146] Microsoft Passport SDK 2.1 events reporting disabled
[9123] Microsoft IIS 5.0 Log Files Directory Permission Exposure
[9122] Microsoft Internet Explorer JavaScript self.location refresh denial of service
[9121] Microsoft Internet Explorer for Unix could cause the CDE or X Server to crash when scrolling Chinese characters
[9101] Microsoft Internet Explorer cookies with embedded script could be used to access other cookies on the local system
[9094] Microsoft Passport Manager PASSPORTLOG.LOG exposure
[9091] Microsoft Passport Manager verbose mode exposure
[9090] Microsoft Internet Explorer MS02-023 patch is not installed on the system
[9089] Microsoft Internet Explorer and Outlook Express BGSOUND tag could allow an attacker to obtain sensitive information
[9088] Microsoft Internet Explorer and Outlook Express IFRAME tag could allow attacker to send data to a DOS device
[9087] Microsoft Internet Explorer and Outlook Express BGSOUND DOS device reference could cause a denial of service
[9086] Microsoft Internet Explorer "
[9085] Microsoft Internet Explorer "
[9084] Microsoft Internet Explorer NetBIOS connection could allow rendering of Web sites with incorrect security zone
[9081] InfraTrojan backdoor allows remote access to Windows
[9077] Microsoft Word Mail Merge variant could allow an attacker to execute arbitrary commands
[9068] Microsoft Passport SDK 2.1 registry default permission exposure
[9067] Microsoft Passport SDK 2.1 default test site exposure
[9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
[9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
[9064] Microsoft Passport SDK 2.1 default time window exposure
[9022] Intruzzo backdoor allows remote access to Windows computers
[8974] Cisco VPN Client insecure installation on Windows XP
[8969] Microsoft Internet Explorer and Outlook Express malformed XBM file denial of service
[8947] Microsoft Baseline Security Analyzer creates a plaintext security report file
[8941] Microsoft Internet Explorer JavaScript recursive onError event denial of service
[8926] Microsoft Outlook Express POP3 message containing two "
[8917] Storing of credentials or .NET passports for network authentication is allowed in Windows XP
[8904] Microsoft Internet Explorer self-referenced OBJECT directive denial of service
[8887] Digital encryption of secure data is not enabled in Windows XP
[8886] Anonymous enumeration of SAM accounts is enabled in Windows XP
[8885] Digital encryption or signing of secure data is disabled in Windows XP
[8868] Microsoft Internet Explorer dialog window cross-site scripting
[8862] Microsoft BackOffice Server allows attacker to bypass authentication for Web administration pages
[8853] Microsoft IIS CodeBrws.asp sample script can be used to view arbitrary file source code
[8851] Microsoft Internet Explorer for Macintosh could allow remote AppleScript execution
[8850] Microsoft Internet Explorer and Office for Macintosh HTML file:// directive buffer overflow
[8844] Microsoft Internet Explorer history allows URLs using the JavaScript protocol
[8816] Microsoft Internet Explorer does not clear local Web cache
[8815] Microsoft VBScript ActiveX Word object denial of service
[8811] Microsoft IIS MS02-018 patch is not installed on the system
[8810] Microsoft Outlook allows users access to blocked attachments
[8808] Microsoft Outlook Express allows attacker to create false attachment by changing icon
[8804] Microsoft IIS redirected URL error cross-site scripting
[8803] Microsoft IIS HTTP error page cross-site scripting
[8802] Microsoft IIS Help File search cross-site scripting
[8801] Microsoft IIS FTP session status request denial of service
[8800] Microsoft IIS FrontPage Server Extensions and ASP.NET ISAPI filter error handling denial of service
[8799] Microsoft IIS HTR ISAPI ISM.DLL extension buffer overflow
[8798] Microsoft IIS SSI safety check buffer overflow
[8797] Microsoft IIS ASP HTTP header parsing buffer overflow
[8796] Microsoft IIS ASP data transfer heap buffer overflow
[8795] Microsoft IIS ASP chunked encoding heap buffer overflow
[8786] Microsoft OWC DataSourceControl component could allow an attacker to verify a file's existence using the "
[8785] Microsoft OWC Spreadsheet component could allow an attacker to verify a file's existence using the "
[8784] Microsoft OWC Chart component could allow an attacker to verify a file's existence using the "
[8779] Microsoft OWC Spreadsheet component "
[8778] Microsoft OWC Spreadsheet component "
[8777] Microsoft OWC Spreadsheet component "
[8740] Microsoft Internet Explorer Cascading Style Sheets (CSS) can be used to read portions of local files
[8711] Microsoft Office XP spreadsheet component host() function cross-application scripting
[8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
[8701] Microsoft Internet Explorer cookie allows remote attacker to execute script code in Local Computer zone
[8681] Microsoft Exchange OWA using RSA Security SecurID authentication bypass
[8667] Microsoft Internet Explorer and Outlook could allow the execution of files within Temporary Internet Files (TIFs)
[8658] Microsoft Internet Explorer DYNSRC information disclosure
[8615] Microsoft Outlook image tags allows remote attacker to bypass cookie settings
[8613] Microsoft Outlook allows remote attacker to embed JavaScript in URLs using HREF attribute
[8611] Microsoft Outlook IFRAME tags allows malicious Web sites to embed URLs
[8589] Apache HTTP Server for Windows DOS batch file remote command execution
[8488] Microsoft Internet Explorer JavaScript location.replace loop denial of service
[8480] Sun Java Runtime Environment and Microsoft Virtual Machine (VM) Bytecode Verifier could allow a Java Applet to bypass security restrictions
[8473] Microsoft Internet Explorer URL encoded characters could allow an attacker to access cookie information
[8471] Microsoft Internet Explorer dotless IP variant could allow rendering of Web sites with incorrect Security Zone
[8385] Microsoft IIS specially-crafted request reveals IP address
[8382] Microsoft IIS authentication error messages reveal configuration information
[8370] ARCserve backup client and Inoculan AV client for Microsoft Exchange stores plain text account information in exchverify.log
[8362] Microsoft FrontPage form_results.txt is world readable
[8359] Microsoft SQL Server multiple extended stored procedure buffer overflows
[8356] Microsoft Outlook X-UIDL: header denial of service
[8351] Sun Java Runtime Environment and Microsoft Virtual Machine (VM) Java Applet could be used to redirect browser traffic when using a proxy
[8341] Microsoft Internet Explorer 4.0 long OBJECT CLASSID denial of service
[8320] RealNetworks RealPlayer for Windows invalid .mp3 file denial of service
[8280] Matrix screen saver for Windows 95 bypass password protection
[8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
[8252] Microsoft Internet Explorer VBScript can be used to view local files
[8243] Microsoft SQL Server OLE DB provider name "
[8242] Microsoft Visual C++.Net and Visual C++ insecure buffer overflow protection
[8218] Microsoft Internet Explorer Content-Type header cross-site scripting
[8198] Microsoft Outlook Express <
[8191] Microsoft IIS 5.1 specially-crafted .cnf file request could reveal file contents
[8174] Microsoft IIS 5.1 .cnf file request could reveal sensitive information
[8120] Microsoft Internet Explorer could allow an attacker to execute script despite disabled scripting
[8118] Microsoft Internet Explorer could be used to open a program on a remote system
[8117] Microsoft Internet Explorer could misrepresent file names in the file download dialog box
[8116] Microsoft Internet Explorer HTML "
[8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
[8087] Microsoft Office v. X for Mac OS X PID Checker denial of service
[8080] Microsoft Site Server sample sites allow SQL injection
[8073] Microsoft Site Server LDAP_Anonymous user account generates weak passwords
[8071] Microsoft Site Server ASP files reveals sensitive information
[8069] Microsoft Site Server POST command directory traversal
[8056] Microsoft IIS is running on the system
[8053] Microsoft Site Server "
[8051] Microsoft Site Server stores LDAP member passwords in plain text
[8050] Microsoft Site Server default ASP pages allow cross-site scripting
[8048] Microsoft Site Server LDAP_Anonymous default account and password
[8036] ILOVEYOU or Love Letter worm uses Microsoft Outlook and mIRC to propagate and attack systems
[7969] Microsoft Internet Explorer for Mac OS could allow execution of files
[7954] BadBlue uploaded Microsoft Office document macro execution
[7947] BadBlue Microsoft Office file viewing script non-existent file request denial of service
[7946] BadBlue Microsoft Office file viewing script "
[7941] Microsoft Internet Explorer CODEBASE value allows remote program execution
[7938] Microsoft Internet Explorer HTML form denial of service
[7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
[7906] Microsoft Internet Explorer clipboardData object allows a remote attacker to view clipboard information
[7900] Microsoft Outlook PGP plug-in saves a decrypted copy of encrypted emails
[7885] BioNet backdoor for Windows
[7826] Microsoft Internet Explorer showModelessDialog() denial of service
[7815] Apache for Windows "
[7795] Microsoft FrontPage Server Extensions (FPSE) "
[7788] Microsoft FrontPage Server Extensions (FPSE) "
[7784] Microsoft Internet Explorer JavaScript OnError allows a remote attacker to determine a file's existence
[7758] Microsoft Internet Explorer GetObject directory traversal allows an attacker to read files
[7737] Microsoft Internet Explorer "
[7725] Microsoft SQL Server C runtime format string attack
[7724] Microsoft SQL Server text message query buffer overflow
[7712] Microsoft Internet Explorer XMLHTTP redirect reveals contents of file
[7703] Microsoft Internet Explorer could allow automatic file download and execution
[7702] Microsoft Internet Explorer "
[7691] Microsoft IIS HTTP GET request with false "
[7670] Microsoft Outlook Express allows blocked attachments to be opened when the message is forwarded
[7663] Microsoft Exchange 5.5 OWA HTML email body embedded script execution
[7661] Microsoft Internet Explorer settimeout function in JavaScript can cause the program to crash
[7648] Microsoft Outlook Express for Macintosh long message line buffer overflow
[7640] Microsoft IIS is present on the system
[7636] Microsoft Internet Explorer could allow an attacker to spoof the file extension of a downloadable file
[7613] Microsoft IIS allows attackers to create fake log entries
[7610] CBlade worm infects Microsoft SQL Servers
[7592] Microsoft Internet Explorer allows an attacker to determine password characters
[7581] Microsoft Internet Explorer HTTP_USER_AGENT could allow attacker to determine the existence of patch Q312461
[7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
[7563] Microsoft Zero Administration Kit (ZAK) could allow an attacker to bypass file restrictions
[7559] Microsoft Index Server installed with IIS 4.0 could allow a local attacker to obtain physical path information
[7558] Microsoft IIS FileSystemObject in showfile.asp could allow remote attackers to read arbitrary files
[7545] Microsoft Internet Explorer installation wizard (ie5setup.exe) disables screen saver password and task scheduler
[7527] Microsoft SQL Server malformed RPC request denial of service
[7526] Microsoft Exchange Server malformed RPC request denial of service
[7497] Microsoft Internet Explorer remote file enumeration
[7486] Microsoft Internet Explorer "
[7446] Microsoft ISA Server fragmented UDP packet flood denial of service
[7426] Microsoft Internet Explorer may expose authentication information to redirected Web sites
[7425] OpenVMS and DECwindows Motif Server allows unauthorized access
[7407] Macintosh clients using Windows 2000 NTFS volumes can modify directory permissions
[7354] Microsoft SQL Server 6.5 stores the SQLExecutiveCmdExec in registry using weak encryption algorithm
[7336] Microsoft Internet Explorer for Mac OS X could allow the automatic execution of downloaded files
[7313] Microsoft Internet Explorer allows JavaScript to spoof dialog boxes
[7260] Microsoft Internet Explorer command execution with Telnet client in SFU
[7259] Microsoft Internet Explorer URL can contain encoded HTTP requests to third-party site
[7258] Microsoft Internet Explorer dotless IP could allow rendering of Web sites with incorrect Security Zone
[7223] Microsoft Excel and PowerPoint malformed document macro execution
[7202] Microsoft IIS 4.0/5.0 escaped percent found
[7201] Microsoft IIS 4.0/5.0 malformed double percent sequence
[7199] Microsoft IIS 4.0/5.0 malformed hex sequence
[7188] Norton Utilities for Windows 95 "
[7168] Microsoft Exchange OWA deeply-nested folder request denial of service
[7118] Microsoft Outlook Express "
[7093] Norton AntiVirus for Microsoft Exchange could reveal sensitive information to attackers
[7089] Microsoft Exchange OWA could allow search of global address list
[7052] Microsoft Outlook Express 6 file attachment security feature bypass
[7039] Microsoft Exchange OWA denial of service
[6995] Microsoft IIS %u Unicode wide character encoding detected
[6994] Microsoft IIS %u Unicode encoding detected
[6991] Microsoft ISA Server cross-site scripting
[6990] Microsoft ISA Server Proxy Service memory leak denial of service
[6989] Microsoft ISA Server H.323 Gatekeeper Service memory leak denial of service
[6985] Microsoft IIS relative path usage in system file process table could allow elevated privileges
[6984] Microsoft IIS specially-crafted SSI directives buffer overflow
[6983] Microsoft IIS invalid MIME header denial of service
[6982] Microsoft IIS WebDAV long invalid request denial of service
[6981] Microsoft IIS URL redirection denial of service
[6963] Microsoft IIS HTTPS connection could reveal internal IP address
[6914] Multiple Microsoft products malformed RPC request denial of service
[6883] Microsoft SFU Telnet denial of service
[6882] Microsoft SFU NFS denial of service
[6858] Microsoft IIS cross-site scripting patch denial of service
[6831] Microsoft Outlook "
[6800] Microsoft IIS device file request can crash the ASP processor
[6748] Microsoft Internet Explorer "
[6742] Microsoft IIS reveals .asp source code with Unicode extensions
[6732] Microsoft Word allows embedded macro to bypass security settings
[6730] Microsoft FrontPage Server Extensions Visual Studio RAD Support sub-component buffer overflow
[6705] Microsoft IIS idq.dll ISAPI extension buffer overflow
[6688] Microsoft Internet Explorer could allow remote attackers to view file contents from a victim's hard drive
[6684] Microsoft SQL Server cached connections could allow an attacker to gain access to the database
[6655] Microsoft Outlook and Outlook Express Address Book allows attacker to spoof emails
[6652] Microsoft Exchange 2000 OWA script execution
[6651] Microsoft ISA Server Web Proxy denial of service caused by embedded code in HTML email
[6614] Microsoft Word .asd file macros could automatically execute
[6571] Microsoft Word RTF document automatic macro execution
[6556] Microsoft Internet Explorer HTML code manipulation could alter the URL displayed in the address bar
[6555] Microsoft Internet Explorer with certificate CRL checking enabled could allow Web site spoofing
[6549] Microsoft IIS WebDAV lock method memory leak can cause a denial of service
[6545] Microsoft IIS FTP weak domain authentication
[6535] Microsoft IIS FTP wildcard processing function denial of service
[6534] Microsoft IIS URL decoding error could allow remote code execution
[6533] PC4800 WLAN network adapter card may reveal SSID(s) in Windows registry
[6528] WLLUC WLAN network adapter card may reveal WEP encryption keys and SSID in Windows registry
[6527] Apache Web Server for Windows and OS2 denial of service
[6526] WLRBT WLAN network adapter card may reveal WEP encryption key and SSID in Windows registry
[6525] CW10 WLAN network adapter card may reveal security information in Windows registry
[6485] Microsoft IIS 5.0 ISAPI Internet Printing Protocol extension buffer overflow
[6448] Microsoft Internet Explorer 5.x allows active scripts using XML stylesheets
[6426] Microsoft Internet Explorer altering CLSID action allows malicious file execution
[6405] Microsoft Data Access Component Internet Publishing Provider allows WebDAV access
[6383] Microsoft ISA Server Web Proxy denial of service
[6370] ORiNOCO AS client Windows NT Remote Access Service ppp.log reveals RADIUS user credentials
[6361] ORiNOCO AS client software reveals wireless network name and RADIUS user credentials in Windows registry
[6306] Microsoft Internet Explorer HTML emails with incorrect MIME headers could allow execution of code
[6288] Microsoft Visual Studio VB-TSQL buffer overflow
[6265] Microsoft invalid digital certificates could be used for spoofing
[6238] Dagger backdoor for Windows 95/98
[6230] Microsoft Internet Explorer command execution with Telnet client in SFU
[6205] Microsoft IIS WebDAV denial of service
[6172] Microsoft Exchange malformed URL request denial of service
[6171] Microsoft IIS and Exchange malformed URL request denial of service
[6150] NetDemon backdoor for Windows 95/98
[6086] Microsoft Internet Explorer "
[6085] Microsoft Internet Explorer scriptlet rendering could allow Web site operators to read files
[6029] Microsoft IIS CmdAsp could allow remote attackers to gain privileges
[5938] Microsoft Internet Explorer mshtml.dll denial of service
[5903] Microsoft IIS 5.0 allows the viewing of files through malformed URL
[5823] Microsoft IIS Web form submission denial of service
[5785] Microsoft Media Services dropped connection denial of service
[5729] Microsoft IIS Far East editions file disclosure
[5622] Microsoft SQL XP srv_paraminfo() buffer overflow
[5615] Microsoft Internet Explorer file upload form
[5614] Microsoft Internet Explorer print template
[5575] Microsoft Media Player .WMS script execution
[5574] Microsoft Media Player .ASX buffer overflow
[5566] Microsoft Internet Explorer 5.5 index.dat file can be used to remotely execute code
[5541] CrazzyNet backdoor for Windows
[5537] Microsoft Exchange Server has a known username and password
[5510] Microsoft Internet Information Service (IIS) ISAPI buffer overflow
[5508] Microsoft Outlook client reveals physical path
[5504] Microsoft Internet Explorer "
[5500] Tini backdoor for Windows
[5494] Microsoft FrontPage 98 Server Extensions fpcount.exe CGI can be remotely crashed
[5470] Microsoft Internet Information Service (IIS) invalid executable filename passing
[5458] Rux Tick backdoor for Windows
[5441] Microsoft IIS .htw cross-site scripting
[5389] Event Horizon backdoor for Windows
[5377] Microsoft IIS Unicode translation error allows remote command execution
[5367] Microsoft Internet Explorer cached info
[5362] Remote Storm backdoor for Windows
[5356] Snid X2 backdoor for Windows
[5335] Microsoft IIS Index Server directory traversal
[5329] Host Control backdoor for Windows
[5328] GayOL backdoor for Windows and AOL
[5324] TransScout backdoor for Windows
[5322] Microsoft Word Mail Merge
[5304] Chupacabra backdoor for Windows
[5293] Microsoft Internet Explorer exposes users files
[5263] Microsoft Office 2000 executes .dll without users knowledge
[5202] Microsoft IIS invalid URL allows attackers to crash service
[5175] Microsoft Outlook and Outlook Express vCards buffer overflow
[5156] Microsoft IIS Cross-Site Scripting
[5147] Microsoft Money plain-text password
[5127] Microsoft Virtual Machine java applet allows malicious Web site to masquerade as visitor
[5124] Microsoft FrontPage Server Extensions device name denial of service
[5106] Microsoft IIS 4.0 discloses internal IP addresses
[5104] Microsoft IIS allows remote attackers to obtain source code fragments using +.htr
[5086] Qaz backdoor for Windows
[5080] Microsoft Office 2000 HTML object tag buffer overflow
[5075] Microsoft Internet Explorer "
[5071] Microsoft IIS canonicalization error applies incorrect permissions to certain types of files
[5025] Infector backdoor for Windows
[5016] Microsoft Excel register.id function
[5013] Microsoft Outlook and Outlook Express cache bypass
[4960] Microsoft IIS on Win2kPro security button restriction
[4953] Microsoft Outlook date header buffer overflow
[4951] Microsoft IIS absent directory browser argument
[4933] Microsoft SQL Enterprise Manager password disclosure
[4899] Microsoft FrontPage Extensions shtml.dll multiple access denial of service
[4893] Microsoft mail clients denial of service
[4883] Service ticket granted to a Windows 2000 security principal
[4864] Authentication ticket granted to a Windows 2000 security principal
[4863] Security identifier failed to be written to Windows 2000 security principal sIDHistory
[4862] Security identifier added to Windows 2000 security principal sIDHistory
[4849] Asylum RAT (Remote Access Tool) backdoor for Windows
[4848] Connection backdoor for Windows 95/98
[4845] SniperNet backdoor for Windows 95/98
[4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
[4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
[4814] Syphillis backdoor for Windows 95/98
[4790] Microsoft IIS \mailroot\pickup directory denial of service
[4789] Swift Remote backdoor for Windows 95/98
[4757] Microsoft IIS server-side includes (SSI) #exec directive
[4710] Norton AntiVirus for Microsoft Exchange unzip buffer overflow
[4709] Norton AntiVirus for Microsoft Exchange may enter "
[4679] Microsoft DNS Server - Name offset exceeding DNS message packet length
[4678] Microsoft DNS Server using a large amount of memory
[4677] Microsoft DNS Server - Invalid DNS UPDATE message in DNS packet
[4676] Microsoft DNS Server - excessive bad packets received
[4675] Microsoft DNS Server - Invalid domain name offset in DNS message packet
[4672] Logon attempt failure reported by Windows Service Control Manager
[4663] Microsoft DNS Server - Invalid domain name
[4654] Microsoft DNS Server - Invalid domain name in DNS message packet
[4637] Microsoft DNS Server - Domain name exceeding maximum packet length
[4635] Microsoft DNS Server - CNAME loop during caching
[4627] Microsoft Internet Explorer fails to revalidate certificates within the same session
[4624] Microsoft Internet Explorer fails to validate certificates in images or frames
[4601] Microsoft Internet Explorer HTML Help file code execution
[4582] Microsoft SQL Server DTS package reveals passwords
[4569] NetOp bypasses Windows NT security to retrieve files
[4558] Microsoft IIS is installed on a domain controller
[4500] Microsoft Internet Explorer frame domain verification
[4496] Y3K RAT backdoor for Windows
[4484] Microsoft FrontPage Server Extensions image mapping components allow remote code execution
[4456] Microsoft Internet Explorer external.NavigateAndFind function bypasses cross-frame security
[4448] Microsoft IIS ISM.DLL could allow users to read file contents
[4447] Microsoft Internet Explorer bug allows Web page operator to view cookie
[4446] Microsoft Outlook Express filename overflow could allow attacker to execute files
[4445] Microsoft Office UA Control malicious Web operator
[4439] Microsoft FrontPage Server Extensions"
[4430] Microsoft IIS malformed URL extension data denial of service
[4399] Microsoft Commercial Internet System (MCIS) Mail server IMAP buffer overflow
[4397] NetBIOS requests with a NULL source address can cause Windows 9x to become unstable
[4392] Microsoft IIS could reveal source code of ASP files in some virtual directories
[4339] Glacier backdoor for Windows
[4333] Microsoft FrontPage 98 Server Extensions DVWSSR.DLL file buffer overflow
[4302] Microsoft IIS malformed AuthChangUrl request can cause the server to stop servicing requests
[4280] Microsoft DNS resolver may accept responses from non-queried hosts
[4279] Microsoft IIS escape characters denial of service
[4268] Microsoft FrontPage 98 Server Extensions DVWSSR.DLL file could allow remote ASP source retrieval
[4232] Microsoft Index Server idq.dll allows remote directory traversal
[4227] Microsoft Index Server webhits.dll reveals source of ASP files
[4224] Microsoft Excel XLM macros do not generate warning messages
[4204] Microsoft IIS virtual UNC share source read
[4183] Microsoft IIS could disclose path of network shares
[4165] NetSpy 1.2 backdoor for Windows
[4152] Microsoft Outlook allows users to manipulate hidden drives
[4150] Telecommando backdoor for Windows 95/98
[4149] Satans Backdoor for Windows
[4148] Donald Dick backdoor for Windows
[4146] Master's Paradise98 backdoor for Windows
[4145] NCX backdoor for Windows
[4144] Devil backdoor for Windows
[4117] Microsoft IIS chunked encoding post or put denial of service
[4110] Microsoft SQL Server remote query abuse
[4109] Microsoft Clip Art Gallery CIL file buffer overflow
[4105] Sockets de Troie (Socket23) backdoor for Windows
[4061] Funtime Apocalypse denial of service tool for Windows
[3996] Microsoft Internet Explorer image source redirect
[3986] Microsoft IIS ASP could be used to gain sensitive information
[3959] Microsoft Direct Access Object (DAO) or JET method denial of service
[3892] Microsoft IIS Long URL with excessive forward slashes passed to ASP causes an access violation
[3890] Microsoft Index Server error could reveal sensitive path information
[3854] Microsoft Office 2000 security setting
[3837] Microsoft Internet Explorer Suite 4 HTML buffer overflow
[3803] Microsoft Internet Explorer directshow filter (MSDXM.OCX) buffer overflow
[3722] A Windows NT user can use SUBST to map a drive letter to a folder
[3675] Microsoft DNS server cache pollution can occur if DNS spoofing has been encountered
[3668] Microsoft Internet Explorer Cross Frame could be used to view files on client computers
[3666] Microsoft Internet Explorer Web Proxy Auto-Discovery could allow clients to accept untrusted proxy setting information
[3558] Print Operators group in Windows 2000 contains a suspicious member who might not be authorized
[3468] Driver Signing check in Windows 2000 may be disabled to allow non-signed driver to be installed
[3443] Domain Administrator group in Windows 2000 contains a suspicious member who might not be authorized
[3393] Microsoft FrontPage Extensions authors.pwd file could reveal encrypted passwords
[3391] Microsoft FrontPage Extensions service.pwd file could reveal encrypted passwords
[3378] Microsoft Virtual Machine could allow a malicious Java applet to bypass security restrictions
[3371] Microsoft Excel imports and runs Lotus 1-2-3 or Quattro Pro macros without warning
[3326] Total Eclypse backdoor FTP server for Windows
[3311] Microsoft Internet Explorer registration wizard ActiveX buffer overflow
[3306] Microsoft IIS could allow remote access to servers marked as Restrict Access
[3268] Microsoft Internet Explorer uses weak encryption
[3246] Microsoft HTML table form Denial of Service
[3244] Microsoft Scriptlet.typelib and Eyedog ActiveX controls are unsafe
[3222] BackConstruction backdoor for Windows
[3221] Microsoft SQL Server 6.5 non-trusted connection successful
[3220] Microsoft SQL 6.5 Server shutdown
[3219] Microsoft SQL Server 6.5 started
[3218] Microsoft SQL Server failed connection
[3217] Microsoft SQL Server non-trusted connection successful
[3216] Microsoft SQL Server shutdown
[3215] Microsoft SQL Server started
[3214] Microsoft SQL Server trusted connection successful
[3201] Microsoft SQL Server login failed - user not trusted
[3200] Microsoft SQL Server login failed - user not Administrator
[3199] Microsoft SQL Server login failed - invalid user
[3198] Microsoft SQL Server login failed - too many users
[3197] Microsoft SQL Server login failed
[3196] Microsoft LDAP server blacklist failed
[3195] Microsoft LDAP server permanent blacklist
[3194] Microsoft LDAP server temporary blacklist
[3162] BigGluck backdoor for Windows
[3161] Ultors backdoor for Windows
[3156] Microsoft Jet Text I-ISAM allows users to alter system files
[3155] Microsoft Jet VBA shell execution
[3151] StealthSpy backdoor for Windows
[3150] ServeMe backdoor for Windows 95/98
[3149] The Unexplained 1.0 backdoor for Windows 95/98 and Windows NT
[3148] SecretService backdoor for Windows 95/98
[3147] Truva 1.2 backdoor for Windows 95/98
[3143] RWS backdoor for Windows
[3131] AOL Admin backdoor for Windows and AOL
[3130] Doly backdoor for Windows
[3122] Deltasource backdoor for Windows
[3120] The Thing backdoor for Windows
[3119] Progenic backdoor for Windows 95/98 and Windows NT
[3118] Schwindler backdoor for Windows 95/98
[3117] Microsoft FrontPage long URL buffer overflow
[3115] Microsoft IIS and SiteServer denial of service caused by malformed HTTP requests
[3113] Hacker's Paradise backdoor for Windows 95/98 and Windows NT
[3112] Prosiak backdoor for Windows
[3111] Millenium backdoor for Windows
[3110] HVL-RAT backdoor for Windows and AOL
[3100] Frenzy backdoor for Windows 95/98
[3099] Blazer5 backdoor for Windows 95/98 and Windows NT
[2761] Microsoft Office 97 files are out of date
[2686] Microsoft Outlook long file name patch not applied
[2685] Microsoft Outlook Express long file name patch not applied
[2675] Microsoft IIS 4.0 samples installation on Web server
[2673] Microsoft IIS samples installation on Web server
[2671] Microsoft IIS Passive FTP patch not applied (asp.dll out of date)
[2670] Microsoft IIS Passive FTP patch not applied (wam.dll out of date)
[2669] Microsoft IIS Passive FTP patch not applied (w3svc.dll out of date)
[2668] Microsoft IIS Passive FTP patch not applied (infocomm.dll out of date)
[2662] Microsoft IIS CGI overflow
[2661] Microsoft Internet Explorer MK overrun
[2444] Microsoft Internet Explorer unsigned ActiveX download
[2412] Microsoft IIS account is member of Domain Users
[2390] NetMonitor backdoor for Windows 95/98 and Windows NT
[2389] Backdoor2 for Windows
[2387] Forced Entry backdoor for Windows
[2386] Coma backdoor for Windows 95/98
[2381] Microsoft IIS and SiteServer Showcode.asp sample file allows remote file viewing
[2326] phAse zero backdoor for Windows 95/98 and Windows NT
[2324] GirlFriend backdoor for Windows
[2323] Portal of Doom backdoor for Windows
[2322] GateCrasher backdoor for Windows
[2321] NetSphere backdoor for Windows and ICQ
[2310] EvilFTP backdoor FTP server for Windows
[2302] Microsoft IIS using double-byte code pages could allow remote attackers to retrieve source code
[2290] DeepThroat backdoor for Windows
[2283] CMail server for Windows installs with a default administrator password
[2282] Microsoft IIS bdir.htr allows remote traversal of directory structure
[2281] Microsoft IIS buffer overflow in HTR requests can allow remote code execution
[2252] Microsoft Jet database engine allows embedded VBA strings, which could allow execution of commands
[2245] SubSeven backdoor for Windows
[2244] Microsoft Internet Explorer favorites feature malicious icon file
[2229] Microsoft IIS ExAir sample site denial of service
[2216] Microsoft Internet Explorer crossframe vulnerability allows scripts to run in elevated context
[2214] Microsoft Internet Explorer Son of Cuartango issue allows remote file retrieval
[2213] Microsoft Internet Explorer Untrusted Scripted Paste issue could allow remote file retrieval
[2209] Microsoft Internet Explorer treats dotless IP addresses as members of the local Intranet zone
[2204] Timbuktu is a remote control server for Macintosh and Windows computer
[2186] Microsoft Excel virus warning features could possibly be bypassed by malicious files
[2185] Microsoft IIS and Site Server sample programs can be used to remotely view files
[2173] Microsoft Internet Explorer FSO could allow remote file manipulation from a Web server
[2161] Microsoft Internet Explorer DHTML edit control can be used to read arbitrary files
[2142] Microsoft SQL Server allows users of remote SQL Servers to connect allowing unauthorized users of those servers access
[2140] Microsoft SQL Server trojan horse found in system stored procedures
[2139] Unencrypted Microsoft SQL Server triggers found
[2136] Microsoft SQL Server device files should be on NTFS partitions
[2134] Microsoft SQL Server backups should be performed regularly
[2133] Microsoft SQL Server replication is enabled
[2132] Microsoft SQL Server Trace Flags should be off
[2130] Microsoft SQL Server protocols found that allow packet sniffing
[2128] Microsoft SQL Server bug found that prohibits revoke permissions on certain tables
[2119] Microsoft SQL Server registry extended stored procedures found that could be used to read or write to the registry
[2095] Microsoft SQL Server OLE Automation extended stored procedures were found that can be used to reconfigure the security of other services
[2094] Microsoft SQL Server password encryption is not enabled for all login Ids
[2093] The account under which the Microsoft SQL Server service is running is not in compliance with policy
[2092] Microsoft SQL Server extended stored procedure xp_sprintf buffer overflow
[2077] Microsoft SQL Server extended stored procedure xp_sqlinventory can be used to crash SQL Server
[2070] Microsoft Internet Explorer allows remote files to be retrieved by a malicious user
[2069] Microsoft Internet Explorer can allow malicious pages to spoof legitimate, trusted sites
[2036] Microsoft PWS could be exploited to remotely read arbitrary files
[1969] Microsoft Exchange LDAP denial of service
[1823] Microsoft IIS long GET request denial of service
[1822] ARCserver Windows NT backup agents use very weak encryption for passwords
[1803] Unencrypted Microsoft SQL Server stored procedures found
[1780] Microsoft Office 98 documents may be saved with sensitive information
[1774] Microsoft Access databases use weak passwords
[1770] Microsoft SQL Server SQLMail allows logins to send email
[1769] Latest Microsoft SQL Server Service Packs are not installed
[1764] Latest Windows NT Service Pack is not installed
[1762] Microsoft SQL Server permissions on extended stored procedures found that are not in compliance with policy
[1761] Microsoft SQL Server is configured to execute stored procedures at startup that could be used as backdoors
[1760] Microsoft SQL Server statement permissions found that are granted to users other than dbo
[1759] Microsoft SQL Server objects not owned by database owner
[1757] Microsoft SQL Server allows direct system table updates to be denied
[1750] Microsoft SQL Server logins during unauthorized hours found
[1749] Microsoft SQL Server permissions on system tables found granted to public
[1737] Microsoft Excel CALL function can execute programs without user warning
[1735] Microsoft IIS with Visual InterDev no authentication
[1715] Microsoft SQL Server object permissions granted to groups are non-compliant with policy
[1714] Microsoft SQL Server user permissions found that are not in compliance with policy
[1713] Microsoft SQL Server Enterprise Manager leaves traces of unencrypted sa password in registry when changing authentication mode of a registered server
[1712] Microsoft SQL Server Enterprise Manager leaves traces of previous unencrypted sa passwords in registry
[1711] Microsoft SQL Server Enterprise Manager stores unencrypted sa password in registry
[1710] Microsoft SQL Server integrated logins found and should be reviewed
[1709] Microsoft SQL Server guest user IDs found
[1708] Microsoft SQL Server stale logins found
[1705] Microsoft SQL Server orphaned user IDs found that could result in unauthorized permissions being granted
[1704] Microsoft SQL Server mismatched user IDs could result in granting of unauthorized permissions
[1703] Microsoft SQL Server can be configured to audit failed or successful logins
[1702] Microsoft SQL Server can be configured for different authentication methods
[1701] Microsoft SQL Server set to view NT username, not hostname when viewing current users
[1700] Microsoft SQL Server guest login found
[1697] Microsoft SQL Server allows easily-guessed passwords
[1675] Microsoft Internet Explorer 4.0 connection-reuse problem
[1656] Microsoft IIS 4.0 allows user to avoid HTTP request logging
[1654] Microsoft IIS remote FTP buffer overflow
[1652] Quakenbush Password Appraiser publishes Windows NT user passwords to the Internet
[1638] Microsoft IIS crashes processing some GET commands
[1530] Microsoft IIS 3.0 newdsn.exe sample application allows remote creation of arbitrary files
[1459] Blank sa password on Microsoft SQL Server
[1458] Blank probe password found on Microsoft SQL Server
[1457] Microsoft SQL server detection (TCP)
[1451] Microsoft SQL Server detection (named pipes)
[1422] CSM Proxy 4.1 remote buffer overflow crashes proxy and underlying Windows NT system
[1383] Microsoft TCP/IP allows an attacker to reset connections
[1376] Microsoft Proxy 2.0 denial of service
[1368] Microsoft IIS 4.0 allows file execution in the Web site directory
[1354] Windows NT Domain Administrators group includes non-default user
[1273] Microsoft IIS special characters allowed in shell
[1272] Microsoft IIS CGI scripts run as system
[1271] Microsoft IIS version 2 installed
[1270] Microsoft IIS incorrect permissions on restricted item
[1269] Microsoft IIS incorrect Web permissions
[1268] Microsoft IIS SSI #exec enabled
[1228] NetBus trojan horse for Windows
[1226] Microsoft DNS Server - DNS Zone Transfers from high ports
[1223] Microsoft Exchange Server SMTP and NNTP denial of service
[1216] Microsoft IIS SSL patch not applied
[1215] Microsoft IIS Passive FTP patch not applied
[1212] Microsoft IIS unauthorized ODBC data access with RDS
[1211] Remote DeskLink for Windows 95 is installed
[1125] Microsoft IIS ASP DATA issue could reveal source code
[949] Microsoft IIS server script debugging enabled
[948] Microsoft IIS samples installed on Web server
[943] Microsoft Office installed on Web server
[936] Microsoft IIS NTFS insecure permissions
[935] Microsoft IIS executable paths
[917] Microsoft Internet Explorer MK overrun
[916] Microsoft Internet Explorer Embed issue
[910] Microsoft Office 97 files are out of date
[908] Microsoft FrontPage extensions under Unix create world readable password files
[621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
[587] Microsoft Internet Explorer Freiburg text viewing issue
[562] Microsoft Office file manager allows users to see files without access
[561] Microsoft FrontPage 1.1 allows users to write to executable directories
[533] Program exists to replace a password on a Windows NT computer
[527] L0phtCrack 1.5 can crack Windows NT passwords
[470] Microsoft Excel passwords are easily cracked
[463] Microsoft Internet Explorer 3.0 allows remote command execution
[462] Microsoft Internet Explorer 3.0.1 .ISP script file execution
[459] Microsoft Internet Explorer divulges sensitive information in response to NTLM requests
[456] Microsoft Internet Explorer and Netscape Java applets can open network connections to a server
[397] Microsoft cd .. Bug
[387] SMB NetBIOS Test: Possible Windows NT dotdot denial of service
[385] Microsoft Internet Explorer has the check security certificate before sending option disabled
[362] Microsoft Internet Explorer entering/leaving a secure site warning disabled
[361] Microsoft Internet Explorer is outdated
[360] Microsoft Internet Explorer non-secure form submission warning is disabled
[359] Microsoft Internet Explorer has Java enabled
[358] Microsoft Internet Explorer Form redirection enabled
[357] Microsoft Internet Explorer has check security certificate before viewing option disabled
[356] Microsoft Internet Explorer allows secure content to be cached
[355] Microsoft Internet Explorer allows ActiveX controls to be automatically executed
[354] Microsoft Internet Explorer active scripting is enabled
[353] Microsoft Internet Explorer allows active content to be automatically downloaded
[352] Microsoft Internet Explorer has low active content security
[351] Microsoft Internet Explorer accept cookies warning disabled
[336] Microsoft IIS ASP dot bug
[295] WebSite 1.1 for Windows NT winsample buffer overflow
[256] Microsoft IIS can be remotely crashed by excessively long client requests
[185] Unknown Windows service
[7] Microsoft IIS ASP source visible
Exploit-DB - https://www.exploit-db.com:
[30825] Microsoft Windows Media Digital Rights Management ActiveX Control Buffer Overflow Vulnerability
[30645] Microsoft Windows URI Handler Command Execution Vulnerability
[30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
[30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
[30619] Microsoft Windows Explorer PNG Image - Local Denial Of Service Vulnerability
[30462] Microsoft Windows Media Player 11 - AU Divide-By-Zero Denial of Service Vulnerability
[30392] Microsoft Windows ndproxy.sys - Local Privilege Escalation
[30160] Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Vulnerability
[29813] Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
[29771] Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
[29738] Microsoft Windows XP/2000 WinMM.DLL - WAV Files Remote Denial of Service (DoS) Vulnerability
[29659] Microsoft Windows XP/2003 Explorer WMF File Handling Denial of Service Vulnerability
[29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
[29286] Microsoft Windows Explorer explorer.exe WMV File Handling DoS
[29285] Microsoft Windows Media 6.4/10.0 - MID Malformed Header Chunk DoS
[28834] Microsoft Windows XP CMD.EXE Buffer Overflow Vulnerability
[28482] MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
[28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
[28381] microsoft windows xp/2000/2003 help Multiple Vulnerabilities
[28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
[28299] Microsoft Windows XP/2000/2003 Graphical Device Interface Plus Library Denial of Service Vulnerability
[28263] Microsoft Windows XP/2000/2003 Remote Denial of Service Vulnerability
[28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
[27930] Microsoft Windows XP/2000/2003 MHTML URI Buffer Overflow Vulnerability
[27851] Microsoft Windows - Path Conversion Weakness
[27051] Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
[26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
[26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
[26323] Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure Vulnerability
[26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
[25737] Microsoft Windows 98SE User32.DLL Icon Handling Denial of Service Vulnerability
[25454] Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability
[25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
[25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
[25268] Microsoft Windows XP TSShutdn.exe Remote Denial of Service Vulnerability
[25259] Microsoft Windows XP Local Denial of Service Vulnerability
[25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
[25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
[25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
[24699] Microsoft Windows XP WAV File Handler Denial of Service Vulnerability
[24682] Microsoft Windows XP Weak Default Configuration Vulnerability
[24605] Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability
[24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
[24173] PHP 4.3.x Microsoft Windows Shell Escape Functions Command Execution Vulnerability
[24125] Microsoft Windows XP Self-Executing Folder Vulnerability
[24051] Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability
[23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
[23850] Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
[23717] Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
[23675] Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
[23504] Microsoft Windows XP/2000 showHelp CHM File Execution Weakness
[23247] Microsoft Windows XP/2000 Messenger Service Buffer Overrun Vulnerability
[23229] Microsoft Windows XP/2000/2003 Message Queuing Service Heap Overflow Vulnerability
[23210] Microsoft Windows XP/2000 PostThreadMessage() Arbitrary Process Killing Vulnerability
[23179] Oracle MySQL for Microsoft Windows MOF Execution
[23101] Microsoft Windows 98 Fragmented UDP Flood Denial of Service Vulnerability
[23093] Microsoft Windows XP TCP Packet Information Leakage Vulnerability
[23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
[22917] Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
[22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
[22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
[22870] Microsoft Windows XP/2000 RunDLL32.EXE Buffer Overflow Vulnerability
[22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
[22824] Microsoft Windows XP/2000/NT 4 HTML Converter HR Align Buffer Overflow Vulnerability
[22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
[22570] Microsoft Windows Media Player 7.1 Skin File Code Execution Vulnerability
[22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
[22368] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (4)
[22367] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (3)
[22366] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (2)
[22365] Microsoft Windows XP/2000/NT 4 ntdll.dll Buffer Overflow Vulnerability (1)
[22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
[22303] Microsoft Windows Help program (WinHlp32.exe) Crash PoC
[22289] Microsoft Windows XP/ME Help and Support Center Buffer Overflow Vulnerability
[22255] Microsoft Windows XP/95/98/2000/NT 4 Riched20.dll Attribute Buffer Overflow Vulnerability
[22245] Microsoft Windows NT/2000 cmd.exe CD Buffer Overflow Vulnerability
[22232] Microsoft Windows XP HCP URI Buffer Overflow Vulnerability
[22225] Microsoft Windows XP Redirector Privilege Escalation Vulnerability
[22194] Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability
[22132] Microsoft Windows XP/2000 Fontview Denial of Service Vulnerability
[21954] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (4)
[21953] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (3)
[21952] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (2)
[21951] Microsoft Windows XP/2000/NT 4 RPC Service Denial of Service Vulnerability (1)
[21717] Microsoft Windows XP HCP URI Handler Abuse Vulnerability
[21670] Microsoft Windows Media Player 6/7 Filename Buffer Overflow Vulnerability
[21485] Microsoft Windows 95/98/2000/NT4 WinHlp Item Buffer Overflow Vulnerability
[21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
[21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
[21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
[21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
[21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
[21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
[21240] Microsoft Windows XP .Manifest Denial of Service Vulnerability
[21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
[21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
[21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
[21130] Microsoft Windows NT 3/4 CSRSS Memory Access Violation Vulnerability
[21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
[21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
[21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
[21047] Microsoft Windows NT 4.0 NT4ALL DoS Vulnerability
[20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
[20861] Microsoft Windows Kernel Intel x64 SYSRET PoC
[20613] Microsoft Windows 98/2000 UDP Socket DoS Vulnerability
[20596] Microsoft Windows NT 4.0 Networking Mutex DoS Vulnerability
[20564] Microsoft Windows NT 4.0 SNMP-WINS DoS Vulnerability
[20553] Microsoft Windows Media Player 7.0 .WMZ Arbitrary Java Applet Vulnerability
[20528] Microsoft Windows Media Player 7.0 Javascript URL Vulnerability
[20460] Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
[20427] Microsoft Windows Media Player 7.0 .ASX Buffer Overflow Vulnerability
[20424] Microsoft Windows Media Player 7.0 .WMS Arbitrary Script Vulnerability
[20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
[20371] Microsoft Windows 95/WfW smbclient Directory Traversal Vulnerability
[20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
[20317] Microsoft Windows NT 4.0 MSIEXEC Registry Permissions Vulnerability
[20288] Microsoft Windows 9x File Handle Buffer Overflow Vulnerability
[20284] Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (2)
[20283] Microsoft Windows 9x / Me Share Level Password Bypass Vulnerability (1)
[20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
[20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
[20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
[20254] Microsoft Windows NT 4.0 Invalid LPC Request DoS Vulnerability
[20243] Microsoft Windows Script Host 5.1/5.5 GetObject() File Disclosure Vulnerability
[20240] Microsoft Windows Media Player 7 Embedded OCX Control Vulnerability
[20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
[20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
[20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
[20106] Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability
[20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
[20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
[19974] Microsoft Windows Media Services 4.0/4.1 DoS Vulnerability
[19889] Microsoft Windows 95/98 NetBIOS NULL Name Vulnerability
[19798] Microsoft Windows NT 4.0 User Shell Folders Vulnerability
[19759] Microsoft Windows Media Services 4.0/4.1 Handshake Sequence DoS
[19754] Microsoft Windows 95/98/NT 4.0 autorun.inf Vulnerability
[19739] Microsoft Windows NT 4.0 Recycle Bin Pre-created Folder Vulnerability
[19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
[19673] Microsoft Windows 95/98/NT 4.0 Help File Trojan Vulnerability
[19578] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (2)
[19577] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (1)
[19502] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 RASMAN Privilege Escalation Vulnerability
[19489] Microsoft Windows NT 4.0 DCOM Server Vulnerability
[19462] Microsoft Windows 95/98 IE5/Telnet Heap Overflow Vulnerability
[19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
[19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
[19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
[19359] Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4,Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 Screensaver Vulnerability
[19239] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability
[19238] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 DoS Duplicate Hostname Vulnerability
[19211] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Phonebook Buffer Overflow Vulnerability
[19209] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Help File Buffer Overflow Vulnerability
[19198] Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability
[19197] Microsoft Windows NT <= 4.0 SP5,Terminal Server 4.0 "Pass the Hash" with Modified SMB Client Vulnerability
[19196] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Dial-up Networking "Save Password" Vulnerability
[19195] Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
[19143] Microsoft Windows "April Fools 2001" Vulnerability
[19113] Microsoft Windows NT 3.5.1 SP2/3.5.1 SP3/3.5.1 SP4/3.5.1 SP5/4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Telnetd Vulnerability
[19103] HP HP-UX <= 10.34,Microsoft Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3
[19002] Microsoft Windows OLE Object File Handling Remote Code Execution
[18819] Microsoft Windows xp Win32k.sys Local Kernel DoS Vulnerability
[18372] Microsoft Windows Assembly Execution Vulnerability MS12-005
[17305] Microsoft Windows Vista/Server 2008 "nsiproxy.sys" Local Kernel DoS Exploit
[17133] Microsoft Windows xp AFD.sys Local Kernel DoS Exploit
[17037] PostgreSQL for Microsoft Windows Payload Execution
[16957] Oracle MySQL for Microsoft Windows Payload Execution
[16660] Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
[16574] Microsoft Windows Shell LNK Code Execution
[16374] Microsoft Windows Authenticated User Code Execution
[16363] Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
[16360] Microsoft Windows SMB Relay Code Execution
[15839] Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption
[14778] Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)
[14733] Microsoft Windows 7 wab.exe DLL Hijacking Exploit (wab32res.dll)
[14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
[14705] Microsoft Windows (IcmpSendEcho2Ex interrupting) Denial of Service Vulnerability
[14674] Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)
[14670] Microsoft Windows nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks (MS10-047)
[14669] Microsoft Windows win32k!GreStretchBltInternal() Does Not Handle src == dest
[14668] Microsoft Windows win32k!xxxRealDrawMenuItem() Missing HBITMAP Bounds Checks
[14667] Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)
[14666] Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)
[14611] Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation Vulnerability (MS10-048)
[14610] Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
[14608] Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)
[14566] Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow
[14403] Microsoft Windows Automatic LNK Shortcut File Code Execution
[13808] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
[12564] Microsoft Windows Outlook Express and Windows Mail Integer Overflow
[11195] Microsoft Windows Defender ActiveX Heap Overflow PoC
[10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
[9301] Microsoft Windows XP (win32k.sys) Local Privilege Escalation Exploit
[4045] Microsoft Windows Animated Cursor Stack Overflow Exploit
[3746] Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit (port 445) (2)
[1352] Microsoft Windows DTC Remote Exploit (PoC) (MS05-051) (updated)
[31118] Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability
[30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
[30887] phPay 2.2.1 Windows Installations Local File Include Vulnerability
[30773] Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability
[30767] Apple Safari 3.0.x for Windows Document.Location.Hash Buffer Overflow Vulnerability
[30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
[30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
[30622] Microsoft Internet Explorer 5.0.1 File Upload Vulnerability
[30593] Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
[30567] Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
[30537] Microsoft MSN Messenger <= 8.0 - Video Conversation Buffer Overflow Vulnerability
[30494] Microsoft Internet Explorer 5.0.1 Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
[30493] Microsoft XML Core Services <= 6.0 SubstringData Integer Overflow Vulnerability
[30490] Microsoft Internet Explorer 5.0.1 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability
[30455] Microsoft Internet Explorer 6.0 Position:Relative Denial of Service Vulnerability
[30397] Windows Kernel win32k.sys - Integer Overflow (MS13-101)
[30285] Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
[30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
[30194] Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability
[30193] Apple Safari 3.0.1 for Windows Corefoundation.DLL Denial of Service Vulnerability
[30176] Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability
[30169] WindowsPT 1.2 User ID Key Spoofing Vulnerability
[30014] Windows NDPROXY - Local SYSTEM Privilege Escalation
[30011] Microsoft Tagged Image File Format (TIFF) Integer Overflow
[29951] Microsoft SharePoint Server 3.0 Cross-Site Scripting Vulnerability
[29858] MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
[29800] Microsoft Internet Explorer 7.0 HTML Denial of Service Vulnerability
[29741] Microsoft Internet Explorer 7.0 NavCancel.HTM Cross-Site Scripting Vulnerability
[29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
[29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
[29619] Microsoft Internet Explorer 6.0 - Local File Access Weakness
[29536] Microsoft Internet Explorer 5.0.1 - Multiple ActiveX Controls Denial of Service Vulnerabilities
[29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
[29295] Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
[29292] XAMPP for Windows 1.8.2 - Blind SQL Injection
[29236] Microsoft Internet Explorer 7.0 CSS Width Element Denial of Service Vulnerability
[29229] Microsoft Internet Explorer 6.0 Frame Src Denial of Service Vulnerability
[29172] Microsoft Office 97 HTMLMARQ.OCX Library Denial of Service Vulnerability
[28996] Messagebox Shellcode (113 bytes) - Any Windows Version
[28974] MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
[28897] Microsoft Internet Explorer 7.0 MHTML Denial of Service Vulnerability
[28880] Microsoft Internet Explorer 6.0/7.0 RemoveChild Denial of Service Vulnerability
[28877] Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (2)
[28876] Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (1)
[28822] Microsoft Class Package Export Tool 5.0.2752 0 Clspack.exe Local Buffer Overflow Vulnerability
[28679] Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial of Service
[28500] Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
[28481] MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
[28438] Microsoft Internet Explorer 5.0.1 Daxctle.OCX Spline Method Heap Buffer Overflow Vulnerability
[28421] Microsoft Internet Explorer 6.0 - Multiple COM Object Color Property Denial of Service Vulnerabilities
[28401] Microsoft Internet Explorer 6.0 Visual Studio COM Object Instantiation Denial of Service Vulnerability
[28400] Microsoft Internet Explorer 6.0 TSUserEX.DLL ActiveX Control Memory Corruption Vulnerability
[28389] Microsoft Internet Explorer 6.0 MSOE.DLL Denial of Service Vulnerability
[28387] Microsoft Internet Explorer 6.0 IMSKDIC.DLL Denial of Service Vulnerability
[28343] Microsoft Internet Explorer 6.0/7.0 IFrame Refresh Denial of Service Vulnerability
[28301] Microsoft Internet Explorer 6.0 Deleted Frame Object Denial of Service Vulnerability
[28286] Microsoft Internet Explorer 6.0 NDFXArtEffects Stack Overflow Vulnerability
[28265] Microsoft Internet Explorer 6.0 Native Function Iterator Denial of Service Vulnerability
[28259] Microsoft Internet Explorer 6.0 NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability
[28258] Microsoft Internet Explorer 6.0 - Multiple Object ListWidth Property Denial of Service Vulnerability
[28256] Microsoft Internet Explorer 6.0 Internet.HHCtrl Click Denial of Service Vulnerability
[28252] Microsoft Internet Explorer 6.0 String To Binary Function Denial of Service Vulnerability
[28246] Microsoft Internet Explorer 6.0 OVCtl Denial of Service Vulnerability
[28244] Microsoft Internet Explorer 6.0 DataSourceControl Denial of Service Vulnerability
[28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
[28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
[28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
[28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
[28222] microsoft works 8.0 spreadsheet Multiple Vulnerabilities
[28213] Microsoft Internet Explorer 6.0 RevealTrans Denial of Service Vulnerability
[28207] Microsoft Internet Explorer 6.0 TriEditDocument Denial of Service Vulnerability
[28202] Microsoft Internet Explorer 6.0 HtmlDlgSafeHelper Remote Denial of Service Vulnerability
[28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
[28197] Microsoft Internet Explorer 6.0 Object.Microsoft.DXTFilter Denial of Service Vulnerability
[28196] Microsoft Internet Explorer 6.0 DirectAnimation.DAUserData Denial of Service Vulnerability
[28194] Microsoft Internet Explorer 6 RDS.DataControl Denial of Service Vulnerability
[28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
[28187] MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
[28169] Microsoft Internet Explorer 5.0.1/6.0 Structured Graphics Control Denial of Service Vulnerability
[28164] Microsoft Internet Explorer 6.0 Href Title Denial of Service Vulnerability
[28145] Microsoft Internet Explorer 6.0 ADODB.Recordset Filter Property Denial of Service Vulnerability
[28144] Microsoft Internet Explorer 6.0 OutlookExpress.AddressBook Denial of Service Vulnerability
[28118] Microsoft Internet Explorer 5.0.1 OuterHTML Redirection Handling Information Disclosure Vulnerability
[28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
[28082] MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
[28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
[28001] Microsoft SMB Driver Local Denial of Service Vulnerability
[27984] Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
[27971] Microsoft Internet Explorer 5.0.1 Frameset Memory Corruption Vulnerability
[27906] Microsoft Internet Explorer 6.0 Malformed HTML Parsing Denial of Service Vulnerability
[27850] Microsoft Infotech Storage Library Heap Corruption Vulnerability
[27745] Outlook Express 5.5/6.0,Windows Mail MHTML URI Handler Information Disclosure Vulnerability
[27744] Microsoft Internet Explorer 5.0.1 Modal Dialog Manipulation Vulnerability
[27727] Microsoft Internet Explorer 6.0 Nested OBJECT Tag Memory Corruption Vulnerability
[27620] Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
[27577] Microsoft Internet Explorer 5.0 Address Bar Spoofing Vulnerability
[27476] Microsoft .NET Framework SDK 1.0/1.1 MSIL Tools Buffer Overflow Vulnerabilities
[27433] Microsoft Internet Explorer 5.0.1 Script Action Handler Buffer Overflow Vulnerability
[27180] Windows RT ARM Bind Shell (Port 4444)
[27082] Microsoft Internet Explorer 5.0.1 Malformed IMG and XML Parsing Denial of Service Vulnerability
[27073] Microsoft Visual Studio UserControl Remote Code Execution Vulnerability (2)
[27072] Microsoft Visual Studio UserControl Remote Code Execution Vulnerability (1)
[27055] Microsoft Excel 95-2004 Malformed Graphic File Code Execution Vulnerability
[26985] Microsoft Internet Explorer 5.0.1 HTML Parsing Denial of Service Vulnerabilities
[26951] Windows Movie Maker 2.1.4026.0 - (.wav) Crash PoC
[26869] Microsoft Excel 95/97/2000/2002/2003/2004 Unspecified Memory Corruption Vulnerabilities
[26769] Microsoft Excel 95/97/2000/2002/2003/2004 Malformed Range Memory Corruption Vulnerability
[26554] Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation
[26517] Microsoft Office PowerPoint 2007 - Crash PoC
[26457] Microsoft Internet Explorer 6.0 Malformed HTML Parsing Denial of Service Vulnerability
[26292] Microsoft Internet Explorer 5.2.3 for Mac OS Denial of Service Vulnerability
[26230] Microsoft IIS 5.1 WebDAV HTTP Request Source Code Disclosure Vulnerability
[26175] MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
[26167] Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
[25999] Microsoft Internet Explorer textNode Use-After-Free
[25992] Microsoft Internet Explorer 5.0.1 JPEG Image Rendering CMP Fencepost Denial of Service Vulnerability
[25991] Microsoft Internet Explorer 5.0.1 JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
[25962] Microsoft ASP.NET 1.0/1.1 RPC/Encoded Remote Denial of Service Vulnerability
[25912] Windows NT - Windows 8 EPATHOBJ Local Ring 0 Exploit
[25784] Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability
[25408] Windows Media Player 11.0.0 (.wav) - Crash PoC
[25386] Microsoft Internet Explorer 5.0.1 DHTML Object Race Condition Memory Corruption Vulnerability
[25385] Microsoft Internet Explorer 5.0.1 Content Advisor File Handling Buffer Overflow Vulnerability
[25294] Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
[25157] Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability
[25129] Microsoft Internet Explorer 6.0 Pop-up Window Title Bar Spoofing Weakness
[25110] Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities
[25095] Microsoft Internet Explorer 5.0.1 Mouse Event URI Status Bar Obfuscation Weakness
[25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
[25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
[25032] Windows Media Player 9.0 ActiveX Control File Enumeration Weakness
[25031] Windows Media Player 9.0 ActiveX Control Media File Attribute Corruption Weakness
[24999] Windows Light HTTPD 0.1 - Buffer Overflow
[24968] Mikrotik Syslog Server for Windows 1.15 - Denial of Service
[24808] Microsoft Internet Explorer 6.0 Search Pane URI Obfuscation Vulnerability
[24802] Microsoft Internet Explorer 6.0 Sysimage Protocol Handler Local File Detection Vulnerability
[24800] Microsoft Internet Explorer 5.0.1 FTP URI Arbitrary FTP Server Command Execution Vulnerability
[24775] Microsoft Internet Explorer 6.0 Infinite Array Sort Denial of Service Vulnerability
[24727] Microsoft Internet Explorer 6.0 - Local Resource Enumeration Vulnerability
[24720] Microsoft Internet Explorer 6.0 IFRAME Status Bar URI Obfuscation Weakness
[24714] Microsoft Internet Explorer 6.0 HTML Form Tags URI Obfuscation Weakness
[24712] Microsoft Internet Explorer 6.0 TABLE Status Bar URI Obfuscation Weakness
[24705] Microsoft Internet Explorer 6.0 Font Tag Denial of Service Vulnerability
[24693] Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability
[24687] Microsoft Outlook Express 4.x/5.x/6.0 Plaintext Email Security Policy Bypass Vulnerability
[24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
[24666] Microsoft ASP.NET 1.x URI Canonicalization Unauthorized Web Access Vulnerability
[24640] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (2)
[24639] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (1)
[24637] Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (4)
[24636] Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (3)
[24635] Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (2)
[24634] Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (1)
[24538] MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
[24495] Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)
[24437] Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
[24407] Microsoft Internet Explorer 6.0 Resource Detection Weakness
[24366] Windows Manage Memory Payload Injection
[24354] Microsoft Internet Explorer 6.0 mms Protocol Handler Executable Command Line Injection Vulnerability
[24328] Microsoft Internet Explorer 5.0.1 Style Tag Comment Memory Corruption Vulnerability
[24281] Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service Vulnerability
[24267] Microsoft Internet Explorer 6.0 JavaScript Null Pointer Exception Denial of Service Vulnerability
[24266] Microsoft Internet Explorer 5.0.1 Popup.show Mouse Event Hijacking Vulnerability
[24265] Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability
[24249] Microsoft Internet Explorer 6.0 Shell.Application Object Script Execution Weakness
[24213] Microsoft Internet Explorer 5.0.1 Wildcard DNS Cross-Site Scripting Vulnerability
[24211] Microsoft Internet Explorer 6.0 HREF Save As Denial of Service Vulnerability
[24187] Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness
[24174] Microsoft Internet Explorer 6.0 URL Local Resource Access Weakness
[24135] Microsoft Internet Explorer 5.0.1 CSS Style Sheet Memory Corruption Vulnerability
[24119] Microsoft Internet Explorer 5.0.1 http-equiv Meta Tag Denial of Service Vulnerability
[24118] Microsoft Outlook Express 6.0 URI Obfuscation Vulnerability
[24117] Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness
[24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
[24112] Microsoft Internet Explorer 6.0 XML Parsing Denial of Service Vulnerability
[24102] Microsoft Internet Explorer 4/5/6 Embedded Image URI Obfuscation Weakness
[24101] Microsoft Outlook 2003 Predictable File Location Weakness
[24069] Microsoft Internet Explorer 6.0 Meta Data Foreign Domain Spoofing Vulnerability
[24020] Microsoft Internet Explorer Option Element Use-After-Free
[24002] Microsoft Outlook Express 6.0 - Remote Denial of Service Vulnerability
[23912] Microsoft Internet Explorer 6.0 Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability
[23911] Microsoft Internet Explorer 6.0 MSWebDVD Object Denial of Service Vulnerability
[23903] Microsoft Internet Explorer 6.0 HTML Form Status Bar Misrepresentation Vulnerability
[23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
[23790] Microsoft Internet Explorer 5 window.open Search Pane Cross-Zone Scripting Vulnerability
[23785] Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
[23768] Microsoft Internet Explorer 6.0 window.open Media Bar Cross-Zone Scripting Vulnerability
[23766] Microsoft Internet Explorer 5/6 Cross-Domain Event Leakage Vulnerability
[23754] Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
[23695] Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability
[23679] Microsoft Internet Explorer 5 Shell: IFrame Cross-Zone Scripting Vulnerability (2)
[23678] Microsoft Internet Explorer 5 Shell: IFrame Cross-Zone Scripting Vulnerability (1)
[23668] Microsoft Internet Explorer 5.0.1 LoadPicture File Enumeration Weakness
[23649] Microsoft SQL Server Database Link Crawling Command Execution
[23643] Microsoft Internet Explorer 5 NavigateAndFind() Cross-Zone Policy Vulnerability
[23531] HD Soft Windows FTP Server 1.5/1.6 Username Format String Vulnerability
[23493] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (3)
[23492] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (2)
[23491] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (1)
[23490] Microsoft IIS 5.0 Failure To Log Undocumented TRACK Requests Vulnerability
[23401] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (2)
[23400] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (1)
[23340] Microsoft Internet Explorer 6.0 Double Slash Cache Zone Bypass Vulnerability
[23321] Microsoft Internet Explorer 6-10 Mouse Tracking
[23283] Microsoft Internet Explorer 6.0 - Local Resource Reference Vulnerability
[23273] Microsoft Internet Explorer 6.0 Scrollbar-Base-Color Partial Denial of Service Vulnerability
[23255] Microsoft ListBox/ComboBox Control User32.dll Function Buffer Overrun Vulnerability
[23216] Microsoft Word 97/98/2002 Malformed Document Denial of Service Vulnerability
[23215] Microsoft Internet Explorer 6 Absolute Position Block Denial of Service Vulnerability
[23131] Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities
[23122] Microsoft Internet Explorer 5 XML Page Object Type Validation Vulnerability
[23114] Microsoft Internet Explorer 5/6 Browser Popup Window Object Type Validation Vulnerability
[23113] Microsoft Exchange Server 4.0/5.0 SMTP HELO Argument Buffer Overflow Vulnerability
[23096] Microsoft WordPerfect Converter Buffer Overrun Vulnerability
[23095] Microsoft Access 97/2000/2002 Snapshot Viewer ActiveX Control Parameter Buffer Overflow Vulnerability
[23094] Microsoft Visual Basic For Applications SDK 5.0/6.0/6.2/6.3 Document Handling Buffer Overrun Vulnerability
[23083] MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day
[23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
[23044] Microsoft Internet Explorer 5/6 Object Type Validation Vulnerability
[23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
[23007] Windows AlwaysInstallElevated MSI
[22959] Microsoft Outlook Express 5/6 Script Execution Weakness
[22957] Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability
[22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
[22869] Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability
[22850] Microsoft Office OneNote 2010 Crash PoC
[22784] Microsoft Internet Explorer 5 Custom HTTP Error HTML Injection Vulnerability
[22783] Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability
[22734] Microsoft Internet Explorer 6 %USERPROFILE% File Execution Weakness
[22728] Microsoft Internet Explorer 5 Classic Mode FTP Client Cross Domain Scripting Vulnerability
[22726] Microsoft Internet Explorer 5 OBJECT Tag Buffer Overflow Vulnerability
[22679] Microsoft Visio 2010 Crash PoC
[22670] Microsoft IIS 5 WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
[22655] Microsoft Publisher 2013 Crash PoC
[22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
[22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
[22576] Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability
[22563] Microsoft IIS 5 User Existence Disclosure Vulnerability (2)
[22562] Microsoft IIS 5 User Existence Disclosure Vulnerability (1)
[22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
[22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
[22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
[22530] Microsoft Internet Explorer 5 Remote URLMON.DLL Buffer Overflow Vulnerability
[22518] Microsoft Shlwapi.dll 6.0.2800 .1106 Malformed HTML Form Tag DoS Vulnerability
[22489] Windows XP PRO SP3 - Full ROP calc shellcode
[22390] Microsoft ActiveSync 3.5 Null Pointer Dereference Denial of Service Vulnerability
[22330] Microsoft Office Excel 2010 Crash PoC
[22310] Microsoft Office Publisher 2010 Crash PoC
[22288] Microsoft Internet Explorer 5/6 Self Executing HTML File Vulnerability
[22280] Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability
[22251] AIX 3.x/4.x,Windows 95/98/2000/NT 4,SunOS 5 gethostbyname() Buffer Overflow
[22237] Microsoft Office Picture Manager 2010 Crash PoC
[22226] Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability
[22215] Microsoft Office Word 2010 Crash PoC
[22119] Microsoft Pocket Internet Explorer 3.0 - Denial of Service Vulnerability
[22027] Microsoft Java Virtual Machine 3802 Series Bytecode Verifier Vulnerability
[21994] Windows Escalate Service Permissions Local Privilege Escalation
[21986] Windows Media Player 10 - .avi Integer Division By Zero Crash PoC
[21959] Microsoft Internet Explorer 5/6 Cached Objects Zone Bypass Vulnerability
[21932] Microsoft Outlook Express 5.5/6.0 S/MIME Buffer Overflow Vulnerability
[21923] MS Windows XP/2000/NT 4 NetDDE Privilege Escalation Vulnerability (2)
[21922] MS Windows XP/2000/NT 4 NetDDE Privilege Escalation Vulnerability (1)
[21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
[21910] Microsoft IIS 5.0 IDC Extension Cross Site Scripting Vulnerability
[21902] MS Windows XP/2000/NT 4 Help Facility ActiveX Control Buffer Overflow
[21898] SurfControl SuperScout WebFilter for windows 2000 SQL Injection Vulnerability
[21897] SurfControl SuperScout WebFilter for windows 2000 File Disclosure Vulnerability
[21883] Microsoft Internet Explorer 5 Document Reference Zone Bypass Vulnerability
[21845] Windows Escalate UAC Protection Bypass
[21843] Windows Escalate UAC Execute RunAs
[21840] MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability
[21803] Microsoft Internet Explorer 6 URI Handler Restriction Circumvention Vulnerability
[21750] Microsoft Internet Explorer 5 Dialog Same Origin Policy Bypass Variant Vulnerability
[21749] Microsoft Internet Explorer 5/6 XML Redirect File Disclosure Vulnerability
[21747] MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (2)
[21746] MS Windows 2000/NT 4/XP Network Share Provider SMB Request Buffer Overflow (1)
[21721] Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability
[21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
[21711] Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering Vulnerability
[21705] Microsoft Internet Explorer 6.0 File Attachment Script Execution Vulnerability
[21703] Citrix Metaframe for Windows NT 4.0 TSE 1.8 Java ICA Environment DoS
[21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
[21691] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (8)
[21690] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (7)
[21689] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (6)
[21688] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (5)
[21687] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (4)
[21686] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (3)
[21685] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (2)
[21684] MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (1)
[21662] Microsoft Outlook Express 6 XML File Attachment Script Execution Vulnerability
[21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
[21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
[21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
[21631] Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
[21625] Trend Micro InterScan VirusWall for Windows NT 3.52 Space Gap Scan Bypass
[21613] Microsoft IIS 4/5 SMTP Service Encapsulated SMTP Address Vulnerability
[21601] Microsoft Foundation Class Library 7.0 ISAPI Buffer Overflow Vulnerability
[21556] Microsoft Internet Explorer 5/6 CSSText Bold Font Denial of Service
[21555] Cisco Secure ACS for Windows NT 3.0 Cross-site Scripting Vulnerability
[21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
[21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
[21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
[21530] Seanox DevWex Windows Binary 1.2002.520 File Disclosure
[21481] Microsoft MSN Messenger 1-4 Malformed Invite Request Denial of Service
[21452] Microsoft Internet Explorer 5.0.1/6.0 Content-Disposition Handling File Execution Vulnerability
[21419] Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability
[21404] Microsoft Internet Explorer 5/6 Self-Referential Object Denial of Service Vulnerability
[21387] WebTrends Reporting Center for Windows 4.0 d GET Request Buffer Overflow
[21385] Microsoft IIS 5.0 CodeBrws.ASP Source Code Disclosure Vulnerability
[21376] Microsoft Internet Explorer 5.5/6.0 History List Script Injection Vulnerability
[21372] Microsoft IIS 4/5 HTTP Error Page Cross Site Scripting Vulnerability
[21371] Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (4)
[21370] Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (3)
[21369] Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2)
[21368] Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (1)
[21361] Microsoft Internet Explorer 5 Cascading Style Sheet File Disclosure Vulnerability
[21313] Microsoft IIS 4.0/5.0/5.1 Authentication Method Disclosure Vulnerability
[21260] Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability
[21225] John Roy Pi3Web 2.0 For Windows Long Request Buffer Overflow Vulnerability
[21199] Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (2)
[21198] Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (1)
[21195] Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability
[21189] Windows 98/XP/ME UPnP NOTIFY Buffer Overflow Vulnerability (2)
[21188] Windows 98/XP/ME UPnP NOTIFY Buffer Overflow Vulnerability (1)
[21177] Microsoft IIS 5.0 False Content-Length Field DoS Vulnerability
[21164] Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability
[21144] Microsoft Internet Explorer 5/6 Cookie Disclosure/Modification Vulnerability
[21127] Microsoft Internet Explorer 5/6 JavaScript Interface Spoofing Vulnerability
[21118] Microsoft Internet Explorer 5 Zone Spoofing Vulnerability
[21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
[21072] Microsoft IIS 5.0 In-Process Table Privelege Elevation Vulnerability
[21071] Microsoft IIS 4/5 SSI Buffer Overrun Privelege Elevation
[21040] Windows 98 ARP Denial of Service Vulnerability
[21004] Microsoft Outlook 98/2000/2002 Arbitrary Code Execution Vulnerability
[21003] Microsoft Outlook 98/2000/2002 Unauthorized Email Access Vulnerability
[20997] HP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS
[20991] Microsoft IIS 4.0/5.0 Device File Remote DoS Vulnerability
[20989] Microsoft IIS 4.0/5.0 Device File Local DoS Vulnerability
[20912] Trend Micro InterScan VirusWall for Windows NT 3.51 Configurations Modification Vulnerability
[20903] Microsoft Internet Explorer 5.5 File Disclosure Vulnerability
[20899] Microsoft Outlook 97/98/2000/4/5 Address Book Spoofing Vulnerability
[20893] Trend Micro InterScan VirusWall for Windows NT 3.4/3.5/3.51 Remote Reconfiguration Vulnerability
[20880] MS Windows 2000 Debug Registers Vulnerability
[20846] Microsoft IIS 4.0/5.0 FTP Denial of Service Vulnerability
[20818] Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (4)
[20817] Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (3)
[20816] Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (2)
[20815] Microsoft IIS 5.0 .printer ISAPI Extension Buffer Overflow Vulnerability (1)
[20814] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5)
[20813] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4)
[20812] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)
[20811] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (2)
[20810] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (1)
[20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
[20782] Microsoft IE 5.0/5.5 and OE 5.5 XML Stylesheets Active Scripting Vulnerability
[20770] GoAhead Software GoAhead Webserver (Windows) 2.1 - Denial of Service
[20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
[20688] Qualcomm Eudora 5.0.2 'Use Microsoft Viewer' Code Execution Vulnerability
[20680] Microsoft IE 5.0.1/5.5/6.0 Telnet Client File Overwrite Vulnerability
[20664] Microsoft IIS 5.0 WebDAV Denial of Service Vulnerability
[20605] Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Vulnerability
[20590] Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
[20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
[20543] Windows Service Trusted Path Privilege Escalation
[20515] Microsoft Internet Explorer 5.0.1/5.5 'mstask.exe' CPU Consumption Vulnerability
[20508] Microsoft NT 4.0 RAS/PPTP Malformed Control Packet Denial of Service Attack
[20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
[20472] IBM DB2 Universal Database for Linux 6.1/Windows NT 6.1 Known Default Password Vulnerability
[20470] IBM DB2 Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability
[20459] Microsoft Internet Explorer 5 'INPUT TYPE=FILE' Vulnerability
[20457] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability
[20456] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability
[20451] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
[20440] Windows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial of Service (4)
[20439] Windows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial of Service (3)
[20438] Windows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial of Service (2)
[20437] Windows 3.11/95/NT 4.0/NT 3.5.1 "Out Of Band" Data Denial of Service (1)
[20426] Microsoft Internet Explorer 5.5 Index.dat Vulnerability
[20384] Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability
[20383] Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability
[20324] iplanet certificate management system 4.2 for windows nt 4.0 - Directory Traversal
[20310] Microsoft IIS 4.0 Pickup Directory DoS Vulnerability
[20309] Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability
[20306] Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
[20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
[20289] Microsoft NetMeeting 3.0.1 4.4.3385 Remote Desktop Sharing DoS Vulnerability
[20269] Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability
[20235] Cisco Secure ACS for Windows NT 2.42 Buffer Overflow Vulnerability
[20232] MS Windows 2000/NT 4 DLL Search Path Weakness
[20219] WebTV for Windows 98/ME DoS Vulnerability
[20174] Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
[20152] Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (2)
[20151] Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (1)
[20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
[20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
[20089] Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
[20079] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (2)
[20078] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (1)
[20006] Windows NT 4.0 - Remote Registry Request Dos Vulnerability (2)
[20005] Windows NT 4.0 - Remote Registry Request Dos Vulnerability (1)
[19968] Windows 2000/95/98/NT 4.0 Long Filename Extension Vulnerability
[19930] Windows Escalate Task Scheduler XML Privilege Escalation
[19928] Microsoft Active Movie Control 1.0 Filetype Vulnerability
[19908] Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability
[19907] Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability
[19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
[19827] NT 4.0 / Windows 2000 TCP/IP Printing Service DoS Vulnerability
[19815] vqsoft vqserver for windows 1.9.9 - Directory Traversal vulnerability
[19799] Windows 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 MS DoS Device Name DoS
[19789] Microsoft Clip Art Gallery 5.0 - Buffer Overflow Vulnerability
[19743] Cat Soft Serv-U 2.5/a/b,Windows 2000/95/98/NT 4.0 Shortcut Vulnerability
[19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
[19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
[19733] McAfee 4.0,Network Associates for Windows NT 4.0.2/4.0.3 a,Norton AntiVirus 2000 Recycle Bin Exclusion
[19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
[19638] Microsoft SQL Server 7.0/7.0 SP1 NULL Data DoS Vulnerability
[19637] MS IE 5.0 for Windows 2000/95/98/NT 4 XML HTTP Redirect Vulnerability
[19633] Windows 95/98/Enterprise Server 4/NT Server 4/Terminal Server 4/Workstation 4 Riched Buffer Overflow
[19608] Windows 95/98 UNC Buffer Overflow Vulnerability (2)
[19607] Windows 95/98 UNC Buffer Overflow Vulnerability (1)
[19594] MS Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Spoolss.exe DLL Insertion Vulnerability
[19516] Microsoft MSN Messenger Service 1.0 Setup BBS ActiveX Control Buffer Overflow
[19515] MS IE 4.0 for Windows 95/Windows NT 4 Setupctl ActiveX Control Buffer Overflow
[19473] Microsoft Internet Explorer 5.0 FTP Password Storage Vulnerability
[19471] Microsoft Internet Explorer 5.0 HTML Form Control DoS
[19445] Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability
[19435] Microsoft JET 3.5/3.51/4.0 VBA Shell Vulnerability
[19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
[19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
[19415] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (3)
[19414] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (2)
[19413] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (1)
[19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
[19361] Microsoft IIS 3.0/4.0 Double Byte Code Page Vulnerability
[19248] Microsoft IIS 4.0 - Buffer Overflow Vulnerability (4)
[19247] Microsoft IIS 4.0 - Buffer Overflow Vulnerability (3)
[19246] Microsoft IIS 4.0 - Buffer Overflow Vulnerability (2)
[19245] Microsoft IIS 4.0 - Buffer Overflow Vulnerability (1)
[19228] Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
[19208] Microsoft Site Server Commerce Edition 3.0 alpha AdSamples Vulnerability
[19207] Microsoft Outlook Express 4.27.3110/4.72.3120 POP Denial of Service Vulnerability
[19194] Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability
[19186] Microsoft XML Core Services MSXML Uninitialized Memory Corruption
[19164] Microsoft IE4 Clipboard Paste Vulnerability
[19156] Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability
[19152] Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
[19144] Microsoft Zero Administration Kit (ZAK) 1.0 and Office97 Backdoor Vulnerability
[19129] Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability
[19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
[19089] Windows OpenType Font - File Format DoS Exploit
[19083] Cheyenne Inoculan for Windows NT 4.0 Share Vulnerability
[19037] MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
[19033] microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities
[19026] Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
[18952] Microsoft Wordpad 5.1 (.doc) Null Pointer Dereference Vulnerability
[18894] Windows XP Keyboard Layouts Pool Corruption LPE 0day PoC (post-MS12-034)
[18759] TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
[18606] Microsoft Terminal Services Use After Free (MS12-020)
[18365] Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability
[18334] Microsoft Office 2003 Home/Pro 0day
[18272] Windows Explorer Denial of Service (DOS)
[18271] Windows Media Player 11.0.5721.5262 - Remote Denial of Service (DOS)
[18143] MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
[18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
[18078] Microsoft Excel 2003 11.8335.8333 Use After Free
[18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
[17830] Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption
[17796] Windows Server 2008 R1 Local Denial of Service
[17783] ZipX for Windows 1.71 ZIP File - Buffer Overflow Exploit
[17659] MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
[17476] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053]
[17451] Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
[17399] Microsoft Office XP Remote code Execution
[17398] Windows Media Player with K-Lite Codec Pack DoS PoC
[17227] Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow PoC
[17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
[17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
[17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
[17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
[17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
[17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
[17158] Microsoft HTML Help <= 6.1 Stack Overflow
[17072] Windows Explorer 6.0.2900.5512 (Shmedia.dll 6.0.2900.5512) AVI Preview DoS PoC
[16991] Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions
[16750] Microsoft Message Queueing Service DNS Name Path Overflow
[16749] Microsoft RPC DCOM Interface Overflow
[16748] Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)
[16747] Microsoft Message Queueing Service Path Overflow
[16740] Microsoft IIS FTP Server NLST Response Overflow
[16698] Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)
[16686] Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)
[16680] Microsoft Visual Basic VBP Buffer Overflow
[16665] Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow
[16649] Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Exploit
[16625] Microsoft Excel Malformed FEATHEADER Record Vulnerability
[16615] Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
[16612] Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
[16608] Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow
[16605] Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
[16545] Microsoft Help Center XSS and Command Execution
[16542] Microsoft OWC Spreadsheet HTMLURL Buffer Overflow
[16537] Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
[16526] Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)
[16521] Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow
[16516] Microsoft WMI Administration Tools ActiveX Buffer Overflow
[16507] Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow
[16472] Microsoft IIS 5.0 IDQ Path Overflow
[16471] Microsoft IIS WebDAV Write Access Code Execution
[16470] Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
[16469] Microsoft IIS 5.0 Printer Host Header Overflow
[16468] Microsoft IIS 4.0 .HTR Path Overflow
[16467] Microsoft IIS/PWS CGI Filename Double Decode Command Execution
[16442] Microsoft DirectX DirectShow SAMI Buffer Overflow
[16427] Windows RSH daemon Buffer Overflow
[16403] CA BrightStor Agent for Microsoft SQL Overflow
[16398] Microsoft SQL Server Hello Overflow
[16396] Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
[16395] Microsoft SQL Server Payload Execution
[16394] Microsoft SQL Server Payload Execution via SQL injection
[16393] Microsoft SQL Server Resolution Overflow
[16392] Microsoft SQL Server sp_replwritetovarbin Memory Corruption
[16379] Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
[16378] Microsoft Workstation Service NetAddAlternateComputerName Overflow
[16377] Microsoft ASN.1 Library Bitstring Heap Overflow
[16375] Microsoft RRAS Service RASMAN Registry Overflow
[16373] Microsoft Services MS06-066 nwapi32.dll
[16372] Microsoft Workstation Service NetpManageIPCConnect Overflow
[16371] Microsoft NetDDE Service Overflow
[16369] Microsoft Services MS06-066 nwwks.dll
[16368] Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
[16367] Microsoft Server Service NetpwPathCanonicalize Overflow
[16366] Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
[16365] Microsoft Plug and Play Service Overflow
[16364] Microsoft RRAS Service Overflow
[16362] Microsoft Server Service Relative Path Stack Corruption
[16361] Microsoft Print Spooler Service Impersonation Vulnerability
[16359] Microsoft WINS Service Memory Overwrite
[16358] Microsoft IIS ISAPI RSA WebAgent Redirect Overflow
[16357] Microsoft IIS Phone Book Service Overflow
[16356] Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
[16355] Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
[16354] Microsoft IIS ISAPI w3who.dll Query String Overflow
[16334] Microsoft Private Communications Transport Overflow
[16333] Windows Media Services ConnectFunnel Stack Buffer Overflow
[16332] Veritas Backup Exec Windows Remote Agent Overflow
[16262] MS Windows XP - WmiTraceMessageVa Integer Truncation Vulnerability PoC (MS11-011)
[16166] MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
[16071] Microsoft Internet Explorer MHTML Protocol Handler XSS
[16024] Microsoft Fax Cover Page Editor <= 5.2.3790.3959 Double Free Memory Corruption
[15984] MS11-002: Microsoft Data Access Components Vulnerability
[15963] MS10-081: Windows Common Control Library (Comctl32) Heap Overflow
[15894] MS10-073 Windows Class Handling Vulnerability
[15803] Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC
[15758] Windows Win32k Pointer Dereferencement PoC (MS10-098)
[15609] Elevation of privileges under Windows Vista/7 (UAC Bypass) 0day
[15589] Windows Task Scheduler Privilege Escalation 0day
[15319] Apache 2.2 (Windows) Local Denial of Service
[15297] Windows Mobile 6.1 and 6.5 Double Free Denial of Service
[15266] Windows NTLM Weak Nonce Vulnerability
[15262] Microsoft Office HtmlDlgHelper Class Memory Corruption
[15167] Microsoft IIS 6.0 ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)
[15158] MOAUB #30 - Microsoft Unicode Scripts Processor Remote Code Execution
[15148] MOAUB #29 - Microsoft Excel SxView Record Parsing Heap Memory Corruption
[15136] Windows Mobile 6.5 TR Phone Call Shellcode
[15122] MOAUB #27 - Microsoft Internet Explorer MSHTML Findtext Processing Issue
[15116] Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)
[15112] MOAUB #26 - Microsoft Cinepak Codec CVDecompress Heap Overflow
[15096] MOAUB #24 - Microsoft MPEG Layer-3 Audio Decoder Division By Zero
[15094] MOAUB #24 - Microsoft Excel OBJ Record Stack Overflow
[15088] MOAUB #23 - Microsoft Excel HFPicture Record Parsing Memory Corruption (0day)
[15065] MOAUB #21 - Microsoft Excel WOPT Record Parsing Heap Memory Corruption
[15061] microsoft drm technology (msnetobj.dll) activex Multiple Vulnerabilities
[15034] Microsoft Mspaint bmp crash Proof Of Concept
[15019] MOAUB #16 - Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
[14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
[14944] MOAUB #8 - Microsoft Office Visio DXF File Stack based Overflow
[14895] MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit
[14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
[14780] Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll)
[14758] Microsoft Group Convertor DLL Hijacking Exploit (imm.dll)
[14754] Microsoft Internet Connection Signup Wizard DLL Hijacking Exploit (smmscrpt.dll)
[14751] Microsoft Vista BitLocker Drive Encryption API Hijacking Exploit (fveapi.dll)
[14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
[14745] Microsoft Address Book 6.00.2900.5512 DLL Hijacking Exploit (wab32res.dll)
[14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
[14728] Windows Live Email DLL Hijacking Exploit (dwmapi.dll)
[14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
[14697] Windows XP SP3 English MessageBoxA Shellcode - 87 bytes
[14613] Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service
[14607] Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054)
[14413] IE 7.0 - DoS Microsoft Clip Organizer Multiple Insecure ActiveX Control
[14361] Microsoft Excel 0x5D record Stack Overflow Vulnerability
[14295] Microsoft MSHTML.DLL CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak (0day)
[14179] Microsoft Internet Information Services (IIS) 5 Authentication Bypass Vulnerability (MS10-065)
[14156] Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
[13729] Windows Seven x64 (cmd) Shellcode 61 Bytes
[13719] Windows Seven Pro SP1 64 Fr (Beep) Shellcode 39 Bytes
[13639] Windows XP Professional SP2 ita calc.exe shellcode 36 bytes
[13631] Windows XP Home Edition SP3 English (calc.exe) 37 bytes
[13630] Windows Xp Home Edition SP2 English (calc.exe) 37 bytes
[13582] Windows XP Pro Sp2 English "Wordpad" Shellcode
[13581] Windows XP Pro Sp2 English "Message-Box" Shellcode
[13532] MS Windows (DCOM RPC2) Universal Shellcode
[13531] windows/XP-sp1 portshell on port 58821 116 bytes
[13530] windows/XP download and exec source
[13527] Windows 9x/NT/2k/XP PEB method 35 bytes
[13526] Windows 9x/NT/2k/XP PEB method 31 bytes
[13525] Windows 9x/NT/2k/XP PEB method 29 bytes
[13524] Windows 9x/NT/2k/XP Reverse Generic Shellcode without Loader 249 bytes
[13523] Windows NT/2k/XP useradd shellcode for russian systems 318 bytes
[13504] Windows x86 null-free bindshell for Windows 5.0-7.0 all service packs
[13283] windows xp/sp1 generate portbind payload
[12728] Microsoft Outlook Web Access (OWA) 8.2.254.0 - Information Disclosure vulnerability
[12524] Windows SMB2 Negotiate Protocol (0x72) Response DoS
[12518] Microsoft Paint Integer Overflow Vulnerability (DoS) MS10-005
[12450] Microsoft SharePoint Server 2007 XSS Vulnerability
[12337] Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability
[12336] Windows 2000/XP/2003 win32k.sys SfnLOGONNOTIFY local kernel Denial of Service Vulnerability
[12273] Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC
[12119] WINDOWS FTP SERVER by DWG (Auth Bypass)
[12079] Microsoft Office (2010 beta) Communicator SIP Denial of Service Exploit
[12032] Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution
[11683] Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta)
[11531] Windows Media Player 11.0.5721.5145 (.mpg) Buffer Overflow Exploit
[11276] Microsoft Internet Explorer 6.0/7.0 NULL pointer crashes
[11214] Windows Live Messenger 2009 ActiveX Heap Overflow PoC
[11199] Windows NT User Mode to Ring 0 Escalation Vulnerability
[11070] Windows Live Messenger 2009 ActiveX DoS Vulnerability
[11034] Microsoft HTML Help Compiler (hhc.exe) BOF PoC
[10791] Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x
[10747] Mini-Stream Exploit for Windows XP SP2 and SP3
[10375] SAP GUI for Windows sapirrfc.dll Activex Overflow Exploit
[10005] Windows 7 / Server 2008R2 Remote Kernel Crash
[9893] Microsoft Internet Explorer 5,6,7 - Memory Corruption PoC
[9596] SIDVault 2.0e Windows Universal Buffer Overflow Exploit (SEH)
[9594] Windows Vista/7 SMB2.0 Negotiate Protocol Request Remote BSOD Vuln
[9592] SIDVault 2.0e Windows Remote Buffer Overflow Exploit (meta)
[9587] Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service
[9586] SIDVault 2.0e Windows Remote Buffer Overflow Exploit
[9559] Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4)
[9541] Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)
[9516] Novell Client for Windows 2000/XP ActiveX Remote DoS Vulnerability
[9417] MS Windows 2003 (EOT File) BSOD Crash Exploit
[9163] Microsoft Office Web Components (Spreadsheet) ActiveX BOF PoC
[9117] HTC / Windows Mobile OBEX FTP Service Directory Traversal Vuln
[9100] Microsoft Internet Explorer (AddFavorite) Remote Crash PoC
[9093] windows live messenger plus! fileserver 1.0 - Directory Traversal vuln
[8832] ICQ 6.5 URL Search Hook (Windows Explorer) Remote BOF PoC
[8806] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl)
[8765] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)
[8754] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (patch)
[8704] Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Vulnerability
[8467] Microsoft Media Player - (quartz.dll .wav) Multiple Remote DoS Vulns
[8466] Microsoft GDI Plugin .png Infinite Loop Denial of Service PoC
[8465] Microsoft Media Player - (quartz.dll .mid) Denial of Service Exploit
[8445] MS Windows Media Player (.mid File) Integer Overflow PoC
[8281] Microsoft GdiPlus EMF GpFont.SetData Integer Overflow PoC
[7910] WOW - Web On Windows ActiveX Control 2 Remote Code Execution
[7727] Microsoft HTML Workshop <= 4.74 Universal Buffer Overflow Exploit
[7720] MS Windows (.CHM File) Denial of Service (html compiled)
[7585] MS Windows Media Player - (.WAV) Remote Crash PoC
[7501] Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit
[7262] Microsoft Office Communicator (SIP) Remote Denial of Service Exploit
[7217] Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)
[7196] Microsoft XML Core Services DTD Cross-Domain Scripting PoC MS08-069
[7132] MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)
[7104] MS Windows Server Service Code Execution Exploit (MS08-067)
[6841] MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)
[6824] MS Windows Server Service Code Execution PoC (MS08-067)
[6757] MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin)
[6732] MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046)
[6716] MS Windows GDI+ Proof of Concept (MS08-052) #2
[6705] MS Windows 2003 Token Kidnapping Local Exploit PoC
[6699] Microsoft PicturePusher ActiveX Cross Site File Upload Attack PoC
[6671] MS Windows Vista Access Violation from Limited Account Exploit (BSoD)
[6656] MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021
[6616] MS Windows Explorer Unspecified .ZIP File Denial of Service Exploit
[6588] MS Windows GDI+ (.ico File) Remote Division By Zero Exploit
[6582] Windows Mobile 6.0 Device long name Remote Reboot Exploit
[6565] K-Lite Mega Codec Pack 3.5.7.0 - Local Windows Explorer DoS PoC
[6560] MS Windows Wordpad .doc File Local Denial of Service PoC
[6463] MS Windows WRITE_ANDX SMB command handling Kernel DoS (meta)
[6454] Windows Media Encoder wmex.dll ActiveX BOF Exploit (MS08-053)
[6330] Microsoft Windows GDI (CreateDIBPatternBrushPt) Heap Overflow PoC
[6317] Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit
[6244] Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC
[6181] RealVNC Windows Client 4.1.2 - Remote DoS Crash PoC
[6124] Microsoft Access (Snapview.ocx 10.0.5529.0) ActiveX Remote Exploit
[5951] XnView 1.93.6 for Windows .taac Local Buffer Overflow Exploit PoC
[5563] TFTP Server for Windows 1.4 ST Remote BSS Overflow Exploit
[5530] Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit
[5518] MS Windows XP SP2 (win32k.sys) Privilege Escalation Exploit (MS08-025)
[5460] Microsoft Works 7 WkImgSrv.dll ActiveX Denial of Service PoC
[5442] MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021)
[5349] Microsoft Visual InterDev 6.0 (SP6) SLN File Local Buffer Overflow PoC
[5327] MS Windows Explorer Unspecified .DOC File Denial of Service Exploit
[5320] Microsoft Office XP SP3 PPT File Buffer Overflow Exploit (ms08-016)
[5314] TFTP Server for Windows 1.4 ST Buffer Overflow Exploit (0day)
[5287] Microsoft Office Excel Code Execution Exploit (MS08-014)
[5107] Microsoft Office .WPS File Stack Overflow Exploit (MS08-011)
[5087] Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit
[4948] Windows RSH daemon <= 1.8 - Remote Buffer Overflow Exploit
[4934] MS Windows Message Queuing Service RPC BOF Exploit (dnsname)
[4892] Microsoft Visual InterDev 6.0 (SP6) .sln File Local Buffer Overflow Exploit
[4874] Microsoft Rich Textbox Control 6.0 (SP6) SaveFile() Insecure Method
[4873] Microsoft FoxServer (vfp6r.dll 6.0.8862.0) ActiveX Command Execution
[4866] Microsoft DirectX SAMI File Parsing Remote Stack Overflow Exploit
[4760] MS Windows 2000 AS SP4 Message Queue Exploit (MS07-065)
[4745] MS Windows Message Queuing Service RPC BOF Exploit (MS07-065)
[4702] Windows Media Player 6.4 MP4 File Stack Overflow PoC
[4682] Windows Media Player AIFF Divide By Zero Exception DoS PoC
[4625] Microsoft Jet Engine MDB File Parsing Stack Overflow PoC
[4616] Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055)
[4506] Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution
[4431] Microsoft Visual Basic Enterprise Edition 6.0 SP6 Code Execution Exploit
[4398] Microsoft SQL Server Distributed Management Objects BoF Exploit
[4394] Microsoft Visual Studio 6.0 (VBTOVSI.DLL 1.0.0.0) File Overwrite Exploit
[4393] Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution
[4379] Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF
[4369] Microsoft Visual FoxPro 6.0 (FPOLE.OCX 6.0.8450.0) - Remote PoC
[4361] Microsoft Visual Basic 6.0 VBP_Open OLE Local CodeExec Exploit
[4337] MS Windows (GDI32.DLL) Denial of Service Exploit (MS07-046)
[4325] XAMPP for Windows 1.6.3a Local Privilege Escalation Exploit
[4279] Microsoft DXMedia SDK 6 (SourceUrl) ActiveX Remote Code Execution
[4259] Microsoft Visual 6 (VDT70.DLL NotSafe) Stack Overflow Exploit
[4222] Windows RSH daemon 1.7 - Remote Buffer Overflow Exploit
[4215] MS Windows Explorer.exe Gif Image Denial of Service Exploit
[4205] TeamSpeak 2.0 (Windows Release) Remote Denial of Service Exploit
[4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
[4067] Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
[4066] Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
[4065] Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
[4061] Safari 3 for Windows Beta Remote Command Execution PoC
[4044] MS Windows GDI+ ICO File - Remote Denial of Service Exploit
[4016] Microsoft IIS <= 5.1 Hit Highlighting Authentication Bypass Exploit
[3977] Microsoft Visual Basic 6.0 Project (Description) Stack overflow PoC
[3976] Microsoft Visual Basic 6.0 Project (Company Name) Stack overflow PoC
[3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
[3965] Microsoft IIS 6.0 (/AUX/.aspx) Remote Denial of Service Exploit
[3926] MS Windows Vista - Forged ARP packet Network Stack DoS Exploit
[3804] MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017)
[3755] MS Windows GDI Local Privilege Escalation Exploit (MS07-017) 2
[3740] MS Windows DNS DnssrvQuery Remote Stack Overflow Exploit
[3738] XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit
[3737] MS Windows DNS RPC Remote Buffer Overflow Exploit (win2k SP4)
[3695] MS Windows Animated Cursor (.ANI) Local Overflow Exploit
[3693] MS Windows .HLP File Local HEAP Overflow PoC 0day
[3690] microsoft office word 2007 - Multiple Vulnerabilities
[3688] MS Windows GDI Local Privilege Escalation Exploit (MS07-017)
[3684] MS Windows Explorer Unspecified .ANI File Denial of Service Exploit
[3652] MS Windows Animated Cursor (.ANI) Overflow Exploit (Hardware DEP)
[3651] MS Windows Animated Cursor (.ANI) Universal Exploit Generator
[3647] MS Windows Animated Cursor (.ANI) Local Buffer Overflow Exploit
[3636] MS Windows Animated Cursor (.ANI) Remote Exploit (eeye patch bypass)
[3635] MS Windows XP Animated Cursor (.ANI) Remote Overflow Exploit 2
[3634] MS Windows XP/Vista Animated Cursor (.ANI) Remote Overflow Exploit
[3617] MS Windows Animated Cursor (.ANI) Stack Overflow Exploit
[3575] Frontbase <= 4.2.7 - Remote Buffer Overflow Exploit (windows)
[3544] Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit
[3453] MS Windows DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption
[3419] MS Windows (.doc File) Malformed Pointers Denial of Service Exploit
[3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
[3193] Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)
[3190] MS Windows Explorer (AVI) Unspecified Denial of Service Exploit
[3176] Microsoft Visual C++ (.RC Resource Files) Local Buffer Overflow Exploit
[3159] Microsoft Help Workshop 4.03.0002 (.HPJ) Buffer Overflow Exploit
[3149] Microsoft Help Workshop 4.03.0002 (.CNT) Buffer Overflow Exploit
[3111] MS Windows Explorer (WMF) CreateBrushIndirect DoS Exploit
[3071] Microsoft Vista (NtRaiseHardError) Privilege Escalation Exploit
[3052] MS Windows NtRaiseHardError Csrss.exe-winsrv.dll Double Free
[3024] MS Windows NtRaiseHardError Csrss.exe Memory Disclosure Exploit
[3022] MS Windows ASN.1 - Remote Exploit (MS04-007)
[3013] MS Windows NetrWkstaUserEnum() Remote DoS Exploit (0day)
[2967] MS Windows (MessageBox) Memory Corruption Local Denial of Service
[2935] Windows Media Player 9/10 (MID File) Denial of Service Exploit
[2922] Microsoft Word Document (malformed pointer) Proof of Concept
[2900] MS Windows DNS Resolution Remote Denial of Service PoC (MS06-041)
[2879] MS Windows spoolss GetPrinterData() Remote DoS Exploit (0day)
[2809] MS Windows NetpManageIPCConnect Stack Overflow Exploit (py)
[2800] MS Windows Wkssvc NetrJoinDomain2 Stack Overflow Exploit (MS06-070)
[2789] MS Windows NetpManageIPCConnect Stack Overflow Exploit (MS06-070)
[2682] MS Windows NAT Helper Components Remote DoS Exploit (perl)
[2672] MS Windows NAT Helper Components (ipnathlp.dll) Remote DoS Exploit
[2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
[2412] MS Windows (Windows Kernel) Privilege Escalation Exploit (MS06-049)
[2355] MS Windows NetpIsRemote() Remote Overflow Exploit (MS06-040) (2k3)
[2265] MS Windows NetpIsRemote() Remote Overflow Exploit (MS06-040) (2)
[2231] Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows)
[2223] MS Windows CanonicalizePathName() Remote Exploit (MS06-040)
[2210] MS Windows PNG File IHDR Block Denial of Service Exploit PoC (c) (2)
[2204] MS Windows PNG File IHDR Block Denial of Service Exploit PoC (c)
[2194] MS Windows PNG File IHDR Block Denial of Service Exploit PoC
[2162] MS Windows NetpIsRemote() Remote Overflow Exploit (MS06-040)
[2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
[2057] MS Windows Mailslot Ring0 Memory Corruption Exploit (MS06-035)
[2056] Microsoft IIS ASP Stack Overflow Exploit (MS06-034)
[2054] MS Windows DHCP Client Broadcast Attack Exploit (MS06-036)
[2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
[1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
[1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
[1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
[1978] Microsoft Excel Universal Hlink Local Buffer Overflow Exploit
[1967] MS Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit
[1965] MS Windows RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)
[1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
[1944] Microsoft Excel Unspecified Remote Code Execution Exploit
[1940] MS Windows RRAS Remote Stack Overflow Exploit (MS06-025)
[1927] Microsoft Excel Unicode Local Overflow Exploit PoC
[1911] MS Windows XP/2K (Mrxsmb.sys) Privilege Escalation PoC (MS06-030)
[1910] MS Windows (NtClose DeadLock) Vulnerability PoC (MS06-030)
[1603] MS Windows XP/2003 - (IGMP v3) Denial of Service Exploit (MS06-007) (2)
[1599] MS Windows XP/2003 (IGMP v3) - Denial of Service Exploit (MS06-007)
[1584] MS Windows Telephony Service Command Execution Exploit (MS05-040)
[1520] MS Windows Media Player Plugin Overflow Exploit (MS06-006)(3)
[1506] MS Windows Color Management Module Overflow Exploit (MS05-036) (2)
[1505] MS Windows Media Player 10 Plugin Overflow Exploit (MS06-006)
[1504] MS Windows Media Player 9 Plugin Overflow Exploit (MS06-006) (meta)
[1502] Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2)
[1500] Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005)
[1495] Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit (3)
[1490] Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit (new)
[1488] Microsoft HTML Help Workshop (.hhp file) Denial of Service
[1470] Microsoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit
[1465] MS Windows Services ACLs Local Privilege Escalation Exploit (updated)
[1420] MS Windows Metafile (WMF) Remote File Download Exploit Generator
[1407] MS Windows 2k Kernel APC Data-Free Local Escalation Exploit (MS05-055)
[1396] MS Windows IIS Malformed HTTP Request Denial of Service Exploit (cpp)
[1391] Windows XP/2003 Metafile Escape() Code Execution Exploit (meta)
[1377] MS Windows IIS Malformed HTTP Request Denial of Service Exploit (pl)
[1376] MS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)
[1346] MS Windows Metafile (mtNoObjects) Denial of Service Exploit (MS05-053)
[1343] MS Windows Metafile (gdi32.dll) Denial of Service Exploit (MS05-053)
[1341] MS Windows MSDTC Service Remote Memory Modification PoC (MS05-051)
[1328] MS Windows 2k UPNP (getdevicelist) Memory Leak DoS Exploit
[1287] GO-Global Windows Server <= 3.1.0.3270 Buffer Overflow (PoC)
[1286] GO-Global Windows Clients <= 3.1.0.3270 Buffer Overflow (PoC)
[1271] MS Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047) (2)
[1269] MS Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
[1260] MS Windows IIS SA WebAgent 5.2/5.3 Redirect Overflow Exploit (meta)
[1198] MS Windows CSRSS Local Privilege Escalation Exploit (MS05-018)
[1197] MS Windows (keybd_event) Local Privilege Elevation Exploit
[1180] MS Windows Plug-and-Play Service Remote Universal Exploit (french fix)
[1179] MS Windows Plug-and-Play Service Remote Universal Exploit (spanish fix)
[1178] MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit
[1149] MS Windows Plug-and-Play Service Remote Universal Exploit (MS05-039)
[1147] Veritas Backup Exec Remote File Access Exploit (windows)
[1146] MS Windows Plug-and-Play Service Remote Overflow (MS05-039)
[1143] MS Windows XP SP2 (rdpwd.sys) Remote Kernel DoS Exploit
[1128] MS Windows (LegitCheckControl.dll) Genuine Advantage Validation Patch
[1116] MS Windows Color Management Module Overflow Exploit (MS05-036)
[1104] MS Windows Netman Service Local Denial of Service Exploit
[1075] MS Windows Message Queuing BoF Universal Exploit (MS05-017) (v.0.3)
[1065] MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)
[1019] MS Windows COM Structured Storage Local Exploit (MS05-012)
[1000] MS Windows XP/2003 - IPv6 Remote Denial of Service Exploit
[976] MS Windows WINS Vulnerability and OS/SP Scanner
[942] MS Windows Malformed IP Options DoS Exploit (MS05-019)
[938] MS Windows (HTA) Script Execution Exploit (MS05-016)
[909] MS Windows (WINS) Remote Buffer Overflow Exploit (v.3)
[861] MS Windows XP/2003 Remote Denial of Service Exploit
[749] MS Windows Improper Token Validation Local Exploit (working)
[734] MS Windows NetDDE Remote Buffer Overflow Exploit (MS04-031)
[733] MS Windows 2000 WINS Remote Code Execution Exploit
[721] MS Windows Kernel ANI File Parsing Crash Vulnerability
[640] MS Windows Compressed Zipped Folders Exploit (MS04-034)
[585] MS Windows IIS WebDAV XML Denial of Service Exploit (MS04-030)
[584] MS Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)
[578] MS Windows NNTP Service (XPAT) Denial of Service Exploit (MS04-036)
[556] MS Windows JPEG GDI+ All-In-One Bind/Reverse/Admin/FileDownload
[480] MS Windows JPEG GDI+ Remote Heap Overflow Exploit (MS04-028)
[478] MS Windows JPEG GDI+ Overflow Download Shellcode Exploit (MS04-028)
[475] MS Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028)
[474] MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028)
[472] MS Windows JPEG GDI+ Overflow Shellcoded Exploit
[368] MS Windows XP Task Scheduler (.job) Universal Exploit (MS04-022)
[366] MS Windows SMS 2.0 - Denial of Service Exploit
[355] MS Windows 2k Utility Manager (All-In-One) Exploit (MS04-019)
[353] MS Windows 2K/XP Task Scheduler .job Exploit (MS04-022)
[352] MS Windows 2000 Universal Language Utility Manager Exploit (MS04-019)
[351] MS Windows 2K POSIX Subsystem Privilege Escalation Exploit (MS04-020)
[350] MS Windows 2000 Utility Manager Privilege Elevation Exploit (MS04-019)
[329] MS Windows NT Crash with an Extra Long Username DoS Exploit
[295] MS Windows XP/2K Lsasrv.dll Remote Universal Exploit (MS04-011)
[293] MS Windows Lsasrv.dll RPC Remote Buffer Overflow Exploit (MS04-011)
[276] MS Windows 2K/XP TCP Connection Reset Remote Attack Tool
[275] MS Windows IIS 5.0 SSL Remote buffer overflow Exploit (MS04-011)
[271] MS Windows Utility Manager Local SYSTEM Exploit (MS04-011)
[268] MS Windows 2000 sp1/sp2 isapi .printer Extension Overflow Exploit (2)
[266] MS Windows 2000 sp1/sp2 isapi .printer Extension Overflow Exploit
[214] MS Windows (Jolt2.c) Denial of Service Exploit
[176] MS Windows IIS SSL Remote Denial of Service Exploit (MS04-011)
[163] Eudora 6.0.3 Attachment Spoofing Exploit (windows)
[153] MS Windows ASN.1 LSASS.EXE Remote Exploit (MS04-007)
[148] MS Windows XP/2003 Samba Share Resource Exhaustion Exploit
[135] MS Windows Messenger Service Remote Exploit FR (MS03-043)
[130] MS Windows XP Workstation Service Remote Exploit (MS03-049)
[123] MS Windows Workstation Service WKSSVC Remote Exploit (MS03-049)
[122] MS Windows (ListBox/ComboBox Control) Local Exploit (MS03-045)
[119] MS Windows 2000/XP Workstation Service Overflow (MS03-049)
[117] MS Windows XP/2000 RPC Remote (non exec memory) Exploit
[111] MS Windows Messenger Service Denial of Service Exploit (MS03-043)
[109] MS Windows (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
[103] MS Windows (RPC DCOM2) Remote Exploit (MS03-039)
[100] MS Windows (RPC DCOM) Long Filename Overflow Exploit (MS03-026)
[97] MS Windows (RPC DCOM) Scanner (MS03-039)
[92] Microsoft WordPerfect Document Converter Exploit (MS03-036)
[86] Real Server 7/8/9 Remote Root Exploit (Windows & Linux)
[81] MS Windows 2000 RSVP Server Authority Hijacking PoC Exploit
[76] MS Windows (RPC DCOM) Remote Exploit (Universal Targets)
[70] MS Windows (RPC DCOM) Remote Exploit (48 Targets)
[69] MS Windows RPC DCOM Remote Exploit (18 Targets)
[66] MS Windows (RPC DCOM) Remote Exploit (w2k+XP Targets)
[65] MS Windows SQL Server Denial of Service Remote Exploit (MS03-031)
[64] MS Windows (RPC DCOM) Remote Buffer Overflow Exploit
[61] MS Windows 2000 RPC DCOM Interface DoS Exploit
[56] MS Windows Media Services (nsiislog.dll) Remote Exploit
[51] MS Windows WebDav III remote root Exploit (xwdav)
[48] MS Windows Media Services Remote Exploit (MS03-022)
[36] MS Windows WebDav II (New) Remote Root Exploit
[35] MS Windows IIS 5.0 - 5.1 - Remote Denial of Service Exploit
[32] MS Windows XP (explorer.exe) Buffer Overflow Exploit
[23] Real Server < 8.0.2 - Remote Exploit (Windows Platforms)
[20] MS Windows SMB Authentication Remote Exploit
[5] MS Windows RPC Locator Service Remote Exploit
[2] MS Windows WebDAV Remote PoC Exploit
[1] MS Windows WebDAV (ntdll.dll) Remote Exploit
OpenVAS (Nessus) - http://www.openvas.org:
[903041] Microsoft Windows Kernel Privilege Elevation Vulnerability (2724197)
[903036] Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)
[903035] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2731847)
[903033] Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
[902936] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2783534)
[902933] Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
[902916] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
[902909] Microsoft Windows Service Pack Missing Multiple Vulnerabilities
[902908] Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
[902906] Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
[902900] Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
[902846] Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992)
[902845] Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
[902829] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258)
[902807] Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
[902784] Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
[902783] Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
[902782] MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883)
[902766] Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
[902694] Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
[902693] Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2761226)
[902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
[902677] Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533)
[902676] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
[902609] Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
[902598] Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
[902597] Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
[902596] Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
[902588] Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
[902566] Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
[902516] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
[902487] Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
[902484] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
[902463] Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
[902440] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
[902425] Microsoft Windows SMB Accessible Shares
[902403] Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
[902377] Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
[902337] Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
[902290] Microsoft Windows Active Directory SPN Denial of Service (2478953)
[902289] Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
[902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
[902280] Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
[902277] Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
[902276] Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
[902269] Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
[902263] Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
[902262] Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
[902256] Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability
[902232] Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
[902231] Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
[902227] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[902226] Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
[902094] Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
[902093] Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
[902067] Microsoft Windows Kernel Mode Drivers Privilege Escalation Vulnerabilities (979559)
[902033] Microsoft Windows '.ani' file Denial of Service vulnerability
[901305] Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809)
[901304] Microsoft Windows File Handling Component Remote Code Execution Vulnerability (2758857)
[901301] Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
[901212] Microsoft Windows DirectPlay Remote Code Execution Vulnerability (2770660)
[901211] Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
[901209] Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
[901205] Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
[901193] Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
[901169] Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
[901164] Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
[901163] Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
[901150] Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability(2347290)
[901140] Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
[901119] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (980218)
[901102] Microsoft Windows Media Services Remote Code Execution Vulnerability (980858)
[901065] Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
[901064] Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
[901063] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[901048] Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
[901012] Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
[900965] Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
[900963] Microsoft Windows Kernel Privilege Escalation Vulnerability (971486)
[900957] Microsoft Windows Patterns & Practices EntLib DOS Vulnerability
[900956] Microsoft Windows Patterns & Practices EntLib Version Detection
[900908] Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
[900907] Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
[900886] Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
[900881] Microsoft Windows Indexing Service ActiveX Vulnerability (969059)
[900880] Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525)
[900879] Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112)
[900877] Microsoft Windows LSASS Denial of Service Vulnerability (975467)
[900876] Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571)
[900873] Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
[900838] Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
[900814] Microsoft Windows WINS Remote Code Execution Vulnerability (969883)
[900757] Microsoft Windows Media Player '.AVI' File DOS Vulnerability
[900740] Microsoft Windows Kernel Could Allow Elevation of Privilege (977165)
[900568] Microsoft Windows Search Script Execution Vulnerability (963093)
[900465] Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
[900404] Microsoft Windows RTCP Unspecified Remote DoS Vulnerability
[900336] Microsoft Windows Media Player MID File Integer Overflow Vulnerability
[900297] Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
[900296] Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
[900295] Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
[900281] Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
[900280] Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
[900266] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
[900263] Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
[900248] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
[900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
[900240] Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
[900237] Microsoft Windows Authentication Verification Remote Code Execution Vulnerability (981210)
[900236] Microsoft Windows Kernel Could Allow Elevation of Privilege (979683)
[900235] Microsoft Windows Media Player Could Allow Remote Code Execution (979402)
[900232] Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (975561)
[900230] Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
[900227] Microsoft Windows Shell Handler Could Allow Remote Code Execution Vulnerability (975713)
[900178] Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability
[900173] Microsoft Windows Media Player Version Detection
[900172] Microsoft Windows Media Player 'MIDI' or 'DAT' File DoS Vulnerability
[900108] Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
[803007] Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
[802888] Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
[802634] Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
[802500] Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
[802426] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
[802383] Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
[802379] Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
[802260] Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
[802140] Microsoft Explorer HTTPS Sessions Multiple Vulnerabilities (Windows)
[802136] Microsoft Windows Insecure Library Loading Vulnerability (2269637)
[801991] Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
[801966] Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
[801914] Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
[801719] Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
[801718] Microsoft Windows Vista Information Disclosure Vulnerability (931213)
[801717] Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
[801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
[801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
[801706] Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
[801705] Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
[801701] Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
[801669] Microsoft Windows IIS FTP Server DOS Vulnerability
[801598] Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
[801580] Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
[801527] Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
[801487] Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
[801486] Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
[801484] Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
[801483] Microsoft Windows Search Remote Code Execution Vulnerability (959349)
[801482] Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
[801479] Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
[801457] Microsoft Windows Address Book Insecure Library Loading Vulnerability
[801456] Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
[801333] Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities
[801090] Microsoft Windows Indeo Codec Multiple Vulnerabilities
[800862] Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
[800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
[800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
[800504] Microsoft Windows XP SP3 denial of service vulnerability
[800480] Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
[800466] Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
[800442] Microsoft Windows GP Trap Handler Privilege Escalation Vulnerability
[800332] Microsoft Windows Live Messenger Information Disclosure Vulnerability
[800331] Microsoft Windows Live Messenger Client Version Detection
[800328] Integer Overflow vulnerability in Microsoft Windows Media Player
[800310] Microsoft Windows Media Services nskey.dll ActiveX BOF Vulnerability
[800023] Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
[102059] Microsoft Windows Vector Markup Language Buffer Overflow (938127)
[102055] Microsoft Windows GDI Multiple Vulnerabilities (925902)
[102053] Microsoft Windows Vector Markup Language Vulnerabilities (929969)
[100624] Microsoft Windows SMTP Server DNS spoofing vulnerability
[100596] Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability
[100283] Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
[90024] Windows Vulnerability in Microsoft Jet Database Engine
[903037] Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2706045)
[903030] Google Chrome Multiple Vulnerabilities(02) - May 12 (Windows)
[903029] Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)
[903026] Microsoft Office Remote Code Execution Vulnerabilities (2663830)
[903017] Microsoft Office Remote Code Execution Vulnerability (2639185)
[903014] Adobe Flash Player/Air Code Execution and DoS Vulnerabilities (Windows)
[903007] Google Chrome Full Sandbox Escape and Code Execution Vulnerability (Windows)
[903004] Google Chrome Multiple Vulnerabilities (Windows) - Mar 12
[903003] GOM Media Player 'Open URL' Feature Unspecified Vulnerability (Windows)
[903002] GOM Media Player 'AVI' File Unspecified Vulnerability (Windows)
[903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
[902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
[902932] Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities (2761451)
[902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
[902930] Microsoft Office Remote Code Execution Vulnerabilities (2720184)
[902923] Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
[902922] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135)
[902921] Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
[902920] Microsoft Office Remote Code Execution Vulnerability (2731879)
[902919] Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
[902917] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)
[902914] Microsoft IIS GET Request Denial of Service Vulnerability
[902913] Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X)
[902912] Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X)
[902911] Microsoft Office Word Remote Code Execution Vulnerability (2680352)
[902910] Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981)
[902907] Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653)
[902903] Google Chrome Multiple Vulnerabilities - Jan12 (Windows)
[902842] Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
[902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
[902839] Microsoft FrontPage Server Extensions MS-DOS Device Name DoS Vulnerability
[902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
[902836] PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability (Windows)
[902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
[902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
[902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
[902818] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
[902817] Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
[902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
[902810] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
[902808] IBM Lotus Symphony Image Object Integer Overflow Vulnerability (Windows)
[902798] Microsoft SMB Signing Enabled and Not Required At Server
[902797] Microsoft SMB Signing Information Disclosure Vulnerability
[902796] Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
[902792] MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637)
[902791] MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719)
[902786] Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows)
[902785] Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
[902781] Windows Media Player Denial Of Service Vulnerability
[902775] Mozilla Products Multiple Vulnerabilities - Dec 11 (Windows)
[902774] Mozilla Products DOMAttrModified Memory Corruption Vulnerability (Windows)
[902770] FFFTP Untrusted Search Path Vulnerability (Windows) - Dec 11
[902768] MS Windows Active Directory Remote Code Execution Vulnerability (2640045)
[902767] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
[902765] Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
[902760] ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
[902746] Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
[902738] Adobe Flash Player Multiple Vulnerabilities September-2011 (Windows)
[902727] Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
[902709] Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
[902708] Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
[902705] VLC Media Player '.AVI' File BOF Vulnerability (Windows)
[902704] VLC Media Player '.RM' File BOF Vulnerability (Windows)
[902696] Microsoft Internet Explorer Multiple Vulnerabilities (2761465)
[902692] Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
[902689] Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
[902688] Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
[902686] Microsoft Internet Explorer Multiple Vulnerabilities (2719177)
[902683] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2685939)
[902682] Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
[902679] Google SketchUp '.SKP' File Remote Code Execution Vulnerability (Windows)
[902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
[902670] Microsoft Internet Explorer Multiple Vulnerabilities (2675157)
[902669] Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
[902666] Opera Multiple Vulnerabilities - March12 (Windows)
[902663] Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
[902662] MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability
[902660] Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
[902658] Microsoft RDP Server Private Key Information Disclosure Vulnerability
[902657] Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)
[902653] MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428)
[902649] Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
[902645] Google Chrome Multiple Vulnerabilities - December11 (Windows)
[902643] Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2620712)
[902642] Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
[902638] Apple iTunes Remote Code Execution Vulnerability (Windows)
[902635] Google Chrome V8 Remote Code Execution Vulnerability (Windows)
[902626] Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
[902625] Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
[902614] Google Chrome Secure Cookie Security Bypass Vulnerability (Windows)
[902613] Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
[902603] VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Windows)
[902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
[902580] Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
[902567] Microsoft Office Remote Code Execution Vulnerabilites (2587634)
[902561] McAfee SaaS Endpoint Protection Version Detection (Windows)
[902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
[902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
[902549] Oracle VM VirtualBox Unspecified Vulnerability (Windows)
[902546] IBM Informix Dynamic Server Oninit Remote Code Execution Vulnerability (Windows)
[902545] IBM Informix Dynamic Server Version Detection (Windows)
[902538] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2555917)
[902529] ejabberd Version Detection (Windows)
[902527] ejabberd XML Parsing Denial of Service Vulnerability (Windows)
[902525] Oracle Java SE Multiple Unspecified Vulnerabilities 01 - June11 (Windows)
[902524] Oracle Java SE Multiple Unspecified Vulnerabilities - June11 (Windows)
[902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
[902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
[902518] Microsoft .NET Framework Security Bypass Vulnerability
[902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
[902501] Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
[902499] MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)
[902496] Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
[902495] Microsoft Office Remote Code Execution Vulnerability (2590602)
[902494] Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
[902493] Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
[902492] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
[902486] Windows Mail and Windows Meeting Space Remote Code Execution Vulnerability (2620704)
[902485] Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2617657)
[902483] Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
[902482] MS Windows Ancillary Function Driver Privilege Elevation Vulnerability (2592799)
[902464] Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
[902455] Microsoft Visio Remote Code Execution Vulnerability (2560847)
[902445] Microsoft XML Editor Information Disclosure Vulnerability (2543893)
[902444] MS Windows Threat Management Gateway Firewall Client Remote Code Execution Vulnerability (2520426
[902443] Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
[902442] MS Windows Ancillary Function Driver Privilege Elevation Vulnerability
[902441] Windows MHTML Information Disclosure Vulnerability (2544893)
[902430] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2545814)
[902424] MS Windows Ancillary Function Driver Privilege Elevation Vulnerabilities (2645640)
[902423] Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
[902411] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
[902410] Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
[902409] Windows MHTML Information Disclosure Vulnerability (2503658)
[902408] Windows Fax Cover Page Editor Remote Code Execution Vulnerability (2527308)
[902400] Adobe Products Remote Memory Corruption Vulnerability (Windows)
[902399] LibreOffice LWP File Processing Multiple Buffer Overflow Vulnerabilities (Windows)
[902398] LibreOffice Version Detection (Windows)
[902395] Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
[902392] Google Chrome Multiple Vulnerabilities (Windows) - June 11
[902387] Adobe Reader/Acrobat Security Bypass Vulnerability (Windows)
[902382] Google Chrome Multiple Vulnerabilities May11 (Windows)
[902379] Adobe Reader/Acrobat Memory Corruption Vulnerability (Windows)
[902378] Microsoft Office Excel Remote Code Execution Vulnerabilities (2537146)
[902373] Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
[902365] Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
[902364] Microsoft Office Remote Code Execution Vulnerabilites (2489293)
[902363] Windows OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (2507618)
[902353] Oracle Java SE Code Execution Vulnerabilities (Windows)
[902351] Microsoft Groove Remote Code Execution Vulnerability (2494047)
[902350] Oracle Java SE Code Execution Vulnerability (Windows-01)
[902349] Oracle Java SE Code Execution Vulnerability (Windows)
[902347] Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
[902344] Oracle Java SE Multiple Unspecified Vulnerabilities (Windows)
[902341] VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Windows)
[902340] VLC Media Player '.mkv' Code Execution Vulnerability (Windows)
[902336] Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
[902334] Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
[902333] Tor Unspecified Heap Based Buffer Overflow Vulnerability (Windows)
[902325] Microsoft Internet Explorer 'CSS Import Rule' Use-after-free Vulnerability
[902324] Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
[902323] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (981957)
[902322] Windows Local Procedure Call Privilege Elevation Vulnerability (2360937)
[902319] Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
[902306] Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability (Windows)
[902305] Mozilla Firefox Information Disclosure Vulnerability (Windows)
[902303] Adobe Products Content Code Execution Vulnerability (Windows)
[902301] Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546)
[902293] Metasploit Framework Version Detection (Windows)
[902288] Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
[902287] Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
[902285] Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
[902278] MS Windows ICSW Remote Code Execution Vulnerability (2443105)
[902275] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2436673)
[902274] Microsoft Publisher Remote Code Execution Vulnerability (2292970)
[902265] Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
[902264] Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
[902255] Microsoft Visual Studio Insecure Library Loading Vulnerability
[902254] Microsoft Office Products Insecure Library Loading Vulnerability
[902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
[902246] Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
[902243] Microsoft Outlook TNEF Remote Code Execution Vulnerability (2315011)
[902242] Mozilla Products Insecure Library Loading Vulnerability (Windows)
[902239] Wireshark File Opening Insecure Library Loading Vulnerability (Windows)
[902238] Skype Insecure Library Loading Vulnerability (Windows)
[902230] Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
[902229] Microsoft Window MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
[902228] Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
[902217] Microsoft Outlook SMB Attachment Remote Code Execution Vulnerability (978212)
[902210] Microsoft IE cross-domain IFRAME gadgets keystrokes steal Vulnerability
[902204] Mozilla Products Multiple Vulnerabilities june-10 (Windows)
[902203] Opera Browser Multiple Vulnerabilities (Windows)
[902197] Wireshark SMB PIPE Dissector Denial of Service Vulnerability (Windows)
[902196] Wireshark SMB dissector Denial of Service Vulnerability (Windows)
[902195] Wireshark ASN.1 BER Dissector Buffer Overflow Vulnerability (Windows)
[902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
[902192] Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
[902191] Microsoft Internet Explorer Multiple Vulnerabilities (982381)
[902186] Mozilla Firefox Multiple Denial Of Service vulnerabilities (Windows)
[902185] Mozilla Products 'IFRAME' Denial Of Service vulnerability (Windows)
[902183] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability
[902182] Opera Browser Multiple Denial Of Service Vulnerability (Windows)
[902178] Microsoft Visual Basic Remote Code Execution Vulnerability (978213)
[902176] Microsoft SharePoint '_layouts/help.aspx' Cross Site Scripting Vulnerability
[902167] Sun Java Deployment Toolkit Multiple Vulnerabilities (Windows)
[902166] Microsoft Internet Explorer 'neutering' Mechanism XSS Vulnerability
[902161] Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
[902159] Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
[902158] Microsoft Office Publisher Remote Code Execution Vulnerability (981160)
[902157] Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
[902156] Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
[902155] Microsoft Internet Explorer Multiple Vulnerabilities (980182)
[902151] Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
[902149] Mozilla Products Multiple Vulnerabilities Mar-10 (Windows)
[902147] Mozilla Firefox Unspecified Vulnerability Mar-10 (Windows)
[902133] Microsoft Office Excel Multiple Vulnerabilities (980150)
[902130] Mozilla Products Multiple Vulnerabilities feb-10 (Windows)
[902128] Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
[902120] Google Chrome Multiple Vulnerabilities - (Windows)
[902117] Microsoft DirectShow Remote Code Execution Vulnerability (977935)
[902116] Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
[902115] Microsoft Kerberos Denial of Service Vulnerability (977290)
[902114] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (975416)
[902112] Microsoft SMB Client Remote Code Execution Vulnerabilities (978251)
[902098] Novell iPrint Client Multiple Vulnerabilities (windows)
[902095] Microsoft Office Excel Remote Code Execution Vulnerability (2269707)
[902080] Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
[902075] XnView 'MBM' Processing Buffer Overflow Vulnerability (Windows)
[902073] Google Chrome 'WebKit' Multiple Vulnerabilities (Windows) - June 10
[902069] Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
[902068] Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
[902060] Cybozu Office Authentication Bypass Vulnerability (Windows)
[902045] aMSN session hijack vulnerability (Windows)
[902044] aMSN Version Detection (Windows)
[902039] Microsoft Visio Remote Code Execution Vulnerabilities (980094)
[902038] Microsoft MPEG Layer-3 Codecs Remote Code Execution Vulnerability (977816)
[902027] Mozilla Firefox Unspecified Vulnerability (Windows)
[902015] Microsoft Paint Remote Code Execution Vulnerability (978706)
[901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
[901208] Microsoft Internet Explorer Multiple Vulnerabilities (2586448)
[901197] Google Chrome multiple vulnerabilities - March 11 (Windows)
[901190] Google Chrome Use-After-Free Vulnerability (Windows)
[901182] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2479628)
[901181] Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2476687)
[901180] Microsoft Internet Explorer Multiple Vulnerabilities (2482017)
[901174] OpenSC Version Detection (Windows)
[901173] Windows Backup Manager Remote Code Execution Vulnerability (2478935)
[901166] Microsoft Office Remote Code Execution Vulnerabilites (2423930)
[901165] Windows Common Control Library Remote Code Execution Vulnerability (2296011)
[901162] Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
[901161] Microsoft ASP.NET Information Disclosure Vulnerability (2418042)
[901153] Google Chrome multiple vulnerabilities Sep-10 (Windows)
[901151] Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
[901145] FreeType Unspecified Vulnerability (Windows)
[901144] FreeType Version Detection (Windows)
[901143] FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
[901142] FreeType Multiple denial of service vulnerabilities (Windows)
[901139] Microsoft Internet Explorer Multiple Vulnerabilities (2183461)
[901120] Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
[901097] Microsoft Internet Explorer Multiple Vulnerabilities (978207)
[901095] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
[901082] IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
[901069] Microsoft Office Project Remote Code Execution Vulnerability (967183)
[901047] MS Windows License Logging Server Remote Code Execution Vulnerability (974783)
[901041] Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
[901039] Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
[900973] Microsoft Office Word Remote Code Execution Vulnerability (976307)
[900964] Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
[900944] Microsoft IIS FTP Server 'ls' Command DOS Vulnerability
[900929] Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
[900898] Microsoft Internet Explorer 'XSS Filter' XSS Vulnerabilities - Nov09
[900897] Microsoft Internet Explorer PDF Information Disclosure Vulnerability - Nov09
[900891] Microsoft Internet Denial Of Service Vulnerability - Nov09
[900887] Microsoft Office Excel Multiple Vulnerabilities (972652)
[900878] Microsoft Products GDI Plus Code Execution Vulnerabilities (957488)
[900874] Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
[900863] Microsoft Internet Explorer 'window.print()' DOS Vulnerability
[900837] Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
[900836] Microsoft Internet Explorer Address Bar Spoofing Vulnerability
[900826] Microsoft Internet Explorer 'location.hash' DOS Vulnerability
[900813] Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
[900809] Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706)
[900808] Microsoft Visual Products Version Detection
[900799] Ruby Interpreter Version Detection (Windows)
[900752] XnView DICOM Parsing Integer Overflow Vulnerability (Windows)
[900741] Microsoft Internet Explorer Information Disclosure Vulnerability Feb10
[900725] Ruby Interpreter Heap Overflow Vulnerability (Windows) - Dec09
[900724] Windows XP 'SPI_GETDESKWALLPAPER' DoS Vulnerability
[900711] Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
[900690] Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856)
[900689] Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
[900670] Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
[900669] Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
[900589] Microsoft ISA Server Privilege Escalation Vulnerability (970953)
[900588] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
[900567] Microsoft IIS Security Bypass Vulnerability (970483)
[900566] Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
[900479] PostgreSQL Version Detection (Windows)
[900476] Microsoft Excel Remote Code Execution Vulnerabilities (968557)
[900461] Microsoft MSN Live Messneger Denial of Service Vulnerability
[900445] Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
[900400] Microsoft Internet Explorer Unicode String DoS Vulnerability
[900391] Microsoft Office Publisher Remote Code Execution Vulnerability (969516)
[900366] Microsoft Internet Explorer Web Script Execution Vulnerabilites
[900365] Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
[900337] Microsoft Internet Explorer Denial of Service Vulnerability - Apr09
[900328] Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
[900322] Tor Replay Attack Vulnerability (Windows)
[900314] Microsoft XML Core Service Information Disclosure Vulnerability
[900303] Microsoft Internet Explorer HTML Form Value DoS Vulnerability
[900302] MS Windows taskmgr.exe Information Disclosure Vulnerability
[900299] Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
[900298] MS Windows Remote Access Service NDISTAPI Driver Privilege Elevation Vulnerability (2566454)
[900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
[900288] Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
[900287] Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
[900285] Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
[900283] Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2506223)
[900282] Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
[900279] Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
[900278] Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
[900273] Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
[900267] Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
[900262] Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
[900261] Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2293386)
[900246] Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
[900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
[900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
[900228] Microsoft Office (MSO) Remote Code Execution Vulnerability (978214)
[900223] Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
[900218] IBM DB2 Server Detection (Windows)
[900192] Microsoft Internet Explorer Information Disclosure Vulnerability
[900187] Microsoft Internet Explorer Argument Injection Vulnerability
[900170] Microsoft iExplorer '&NBSP
[900131] Microsoft Internet Explorer Denial of Service Vulnerability
[900128] CuteNews Version Detection for Windows
[900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
[900123] Apple iTunes Version Detection for Windows
[900120] Microsoft Organization Chart Remote Code Execution Vulnerability
[900097] Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
[900095] Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
[900094] Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
[900093] Microsoft DirectShow Remote Code Execution Vulnerability (961373)
[900092] Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
[900086] Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
[900080] Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
[900079] Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
[900064] Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
[900063] Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
[900061] Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
[900060] Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
[900058] Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
[900052] Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)
[900051] Windows Kernel Elevation of Privilege Vulnerability (954211)
[900048] Microsoft Excel Remote Code Execution Vulnerability (956416)
[900047] Microsoft Office nformation Disclosure Vulnerability (957699)
[900046] Microsoft Office Remote Code Execution Vulnerabilities (955047)
[900045] Windows Media Player 11 Remote Code Execution Vulnerability (954154)
[900044] Windows Media Encoder 9 Remote Code Execution Vulnerability (954156)
[900036] Opera Version Detection for Windows
[900034] Windows Messenger Could Allow Information Disclosure Vulnerability (955702)
[900033] Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
[900029] Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
[900028] Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
[900025] Microsoft Office Version Detection
[900012] Enumerates List of Windows Hotfixes
[900006] Microsoft Word Could Allow Remote Code Execution Vulnerability
[900004] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
[900003] Apple Safari Detect Script (Windows)
[900002] Apple Safari for Windows Multiple Vulnerabilities July-08
[900001] Opera for Windows Unspecified Code Execution Vulnerabilities July-08
[855466] Solaris Update for OpenWindows 3.6.1 108117-06
[855393] Solaris Update for OpenWindows 3.6.2 111626-04
[855334] Solaris Update for OpenWindows 3.6.2 113792-01
[855246] Solaris Update for OpenWindows 3.7.3 119903-02
[855173] Solaris Update for OpenWindows 3.7.0 112811-02
[855057] Solaris Update for OpenWindows 3.6.2 110286-16
[803479] Adobe Acrobat Multiple Vulnerabilities - Windows
[803456] Adobe Air Multiple Vulnerabilities - December12 (Windows)
[803454] Adobe Air Multiple Vulnerabilities - November12 (Windows)
[803451] Adobe Air Multiple Vulnerabilities - October 12 (Windows)
[803354] Mozilla Thunderbird Multiple Vulnerabilities-02 November12 (Windows)
[803353] Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows)
[803352] Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Windows)
[803351] Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows)
[803350] Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows)
[803349] Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
[803347] Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Windows)
[803336] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 03)
[803335] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 02)
[803334] Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01)
[803127] Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
[803121] Google Chrome Multiple Vulnerabilities-02 Dec2012 (Windows)
[803118] Google Chrome Multiple Vulnerabilities-01 Dec2012 (Windows)
[803103] Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows)
[803102] Pidgin MXit Message Parsing Buffer Overflow Vulnerability (Windows)
[803086] LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
[803084] LibreOffice Graphic Object Loading Buffer Overflow Vulnerability (Windows)
[803083] OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
[803081] Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Windows)
[803074] Adobe Flash Player Multiple Vulnerabilities - December12 (Windows)
[803070] Wireshark Multiple Dissector Multiple Vulnerabilities - Dec12 (Windows)
[803068] Wireshark Multiple Dissector Multiple DoS Vulnerabilities - Dec12 (Windows)
[803064] LibreOffice Import Files Denial of Service Vulnerabilities (Windows)
[803061] Mozilla Firefox Code Execution Vulnerabilities - November12 (Windows)
[803059] Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
[803057] Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows)
[803055] Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)
[803047] Apple QuickTime Multiple Vulnerabilities - Nov12 (Windows)
[803044] Adobe Flash Player Multiple Vulnerabilities - November12 (Windows)
[803043] RealPlayer Watch Folders Function Buffer Overflow Vulnerability (Windows)
[803040] Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)
[803038] Google SketchUp '.SKP' File Memory Corruption Vulnerability (Windows)
[803028] Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
[803025] Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Windows)
[803021] Oracle Java SE JRE AWT Component Unspecified Vulnerability - (Windows)
[803020] Oracle Java SE JRE Multiple Remote Code Execution Vulnerabilities - (Windows)
[803017] Mozilla Firefox Multiple Vulnerabilities - August12 (Windows)
[803015] Mozilla Firefox Multiple Vulnerabilities - August12 (Windows)
[803013] Mozilla Products Memory Corruption Vulnerabilities - August12 (Windows)
[803011] Mozilla Products Multiple Vulnerabilities - August12 (Windows)
[803001] Opera Multiple Vulnerabilities - August12 (Windows)
[802996] Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Windows)
[802994] Mozilla Firefox Multiple Vulnerabilities-01 (Windows)
[802991] Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Windows)
[802989] Mozilla Firefox Multiple Vulnerabilities - Oct 12 (Windows)
[802986] Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows)
[802985] VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability
[802978] Wireshark LDP PPP and HSRP dissector Multiple Vulnerabilities (Windows)
[802975] Google Chrome Windows Kernel Memory Corruption Vulnerability
[802972] Google Chrome Multiple Vulnerabilities - Sep12 (Windows-01)
[802962] Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows)
[802960] Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
[802954] Adobe Reader Multiple Unspecified Vulnerabilities - Windows
[802952] Adobe Flash Player Multiple Vulnerabilities -01 August 12 (Windows)
[802951] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(02) - (Windows)
[802950] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - (Windows)
[802949] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities(01) - (Windows)
[802948] Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities - (Windows)
[802947] Oracle Java SE Java Runtime Environment Code Execution Vulnerability - (Windows)
[802945] Wireshark Multiple Vulnerabilities(01) - August 2012 (Windows)
[802944] Wireshark Multiple Vulnerabilities - August 2012 (Windows)
[802943] Wireshark GSM RLC MAC dissector Buffer Overflow Vulnerability (Windows)
[802940] Adobe Flash Player Font Parsing Code Execution Vulnerability - (Windows)
[802938] Adobe Shockwave Player Multiple Vulnerabilities - August 2012 (Windows)
[802936] Adobe Reader Multiple Vulnerabilities - Windows
[802935] Pidgin 'Libpurple' Cipher API Information Disclosure Vulnerability (Windows)
[802932] Google Chrome PDF Viewer Multiple Vulnerabilities (Windows)
[802928] Google Chrome Multiple Vulnerabilities - August 12 (Windows)
[802925] Apple Safari Multiple Vulnerabilities - Aug 2012 (Windows)
[802922] VLC Media Player OGG Demuxer Buffer Overflow Vulnerability (Windows)
[802920] VLC Media Player 'MP4' Denial of Service Vulnerability (Windows)
[802917] Google Chrome Multiple Vulnerabilities(01) - July 12 (Windows)
[802912] Microsoft Unauthorized Digital Certificates Spoofing Vulnerability (2728973)
[802907] Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
[802906] Pidgin MSN and XMPP Denial of Service Vulnerabilities (Windows)
[802898] Wireshark PPP And NFS Dissector Denial of Service Vulnerabilities (Windows)
[802895] Mozilla Products Memory Corruption Vulnerabilities - July12 (Windows)
[802893] Mozilla Products Certificate Page Clickjacking Vulnerability (Windows)
[802891] Mozilla Firefox Multiple Vulnerabilities - July12 (Windows)
[802889] Mozilla Products Multiple Vulnerabilities - July12 (Windows)
[802886] Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
[802880] Google Chrome Multiple Vulnerabilities - July 12 (Windows)
[802871] Adobe Flash Player Multiple Vulnerabilities June-2012 (Windows)
[802869] Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Windows)
[802865] Mozilla Products Multiple Vulnerabilities - June12 (Windows)
[802864] Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
[802848] Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows)
[802842] Mozilla Products Security Bypass Vulnerability - May12 (Windows)
[802840] Mozilla Products Multiple Vulnerabilities - May12 (Windows)
[802835] Google Chrome Multiple Vulnerabilities-02 - April 12 (Windows)
[802820] Mozilla Products Multiple Vulnerabilities - Mar12 (Windows)
[802811] Adobe Flash Player Multiple Vulnerabilities (Windows) - Mar12
[802807] Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
[802806] Microsoft IIS Default Welcome Page Information Disclosure Vulnerability
[802803] Adobe Flash Player Multiple Vulnerabilities (Windows) - Feb12
[802796] Apple Safari Webkit Multiple Vulnerabilities - May 12 (Windows)
[802795] Apple QuickTime Multiple Vulnerabilities - (Windows)
[802792] Google Chrome Multiple Vulnerabilities - May 12 (Windows)
[802790] Adobe Illustrator Multiple Unspecified Vulnerabilities (Windows)
[802782] Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows)
[802781] Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
[802779] Adobe Shockwave Player Multiple Code Execution and DoS Vulnerabilities (Windows)
[802774] Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
[802772] Adobe Flash Player Object Confusion Remote Code Execution Vulnerability (Windows)
[802761] Wireshark Multiple Vulnerabilities - April 12 (Windows)
[802760] Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Windows)
[802759] Wireshark Multiple Denial of Service Vulnerabilities - April 12 (Windows)
[802748] Adobe Reader Multiple Vulnerabilities April-2012 (Windows)
[802732] Google Chrome Multiple Vulnerabilities - April 12 (Windows)
[802726] Microsoft SMB Signing Disabled
[802722] VLC Media Player Multiple Vulnerabilities - Mar 12 (Windows)
[802717] Google Chrome 'History navigation' Arbitrary Code Execution Vulnerability (Windows)
[802714] Google Chrome 'GPU process' Multiple Vulnerabilities (Windows)
[802713] Pidgin Multiple Denial of Service Vulnerabilities (Windows)
[802708] Microsoft Internet Explorer Code Execution and DoS Vulnerabilities
[802700] Google Chrome 'HTTP session' Information Disclosure Vulnerability (Windows)
[802684] IBM Director CIM Server CIMListener Directory Traversal Vulnerability (Windows)
[802681] Oracle Java SE Hash Collision DoS Vulnerability (Windows)
[802680] Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows)
[802677] CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)
[802670] PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)
[802652] Opera URL Processing Arbitrary Code Execution Vulnerability (Windows)
[802649] Opera Multiple Denial of Service Vulnerabilities - June12 (Windows)
[802646] Opera Multiple Vulnerabilities - June12 (Windows)
[802612] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 03)
[802611] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 02)
[802610] Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01)
[802600] IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities (Windows)
[802597] Google Chrome Multiple Vulnerabilities - February 12 (Windows 01)
[802594] Google Chrome Multiple Vulnerabilities - February 12 (Windows)
[802592] Mozilla Products XBL Binding Memory Corruption Vulnerability - (Windows)
[802591] PHP 'magic_quotes_gpc' Directive Security Bypass Vulnerability (Windows)
[802590] PHP 'php_register_variable_ex()' Remote Code Execution Vulnerability (Windows)
[802581] Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01)
[802580] Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows)
[802579] Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)
[802566] PHP Multiple Denial of Service Vulnerabilities (Windows)
[802562] Strawberry Perl Modules Multiple Vulnerabilities (Windows)
[802558] Adobe Reader/Acrobat Multiple Memory Corruption Vulnerabilities - Windows
[802557] LibreOffice 'DOC' File Denial of Service Vulnerability (Windows)
[802547] Mozilla Firefox Cache Objects History Enumeration Weakness Vulnerability (Windows)
[802545] Mozilla Products Multiple Information Disclosure Vulnerabilities - (Windows)
[802542] Adobe Reader/Acrobat 'U3D' Component Memory Corruption Vulnerability - Windows
[802540] Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
[802518] Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows)
[802517] Mozilla Products Privilege Escalation Vulnerabily (Windows)
[802511] Mozilla Products Multiple Vulnerabilities (Windows)
[802510] Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)
[802509] Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
[802508] Adobe Shockwave Player Multiple Vulnerabilities (Windows) - Nov 2011
[802505] FFFTP Untrusted Search Path Vulnerability (Windows)
[802504] PHP 'is_a()' Function Remote Arbitrary Code Execution Vulnerability (Windows)
[802503] Wireshark CSN.1 Dissector Denial of Service Vulnerability (Windows)
[802502] Wireshark Heap Based BOF and Denial of Service Vulnerabilities (Windows)
[802499] Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802496] Google Chrome Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
[802490] Google Chrome Multiple Vulnerabilities - Nov2012 (Windows)
[802488] VLC Media Player 'libpng_plugin' Denial of Service Vulnerability (Windows)
[802485] Adobe Shockwave Player Multiple Vulnerabilities Nov-2012 (Windows)
[802482] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 oct12 (Windows)
[802481] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-03 oct12 (Windows)
[802480] VLC Media Player TiVo Demuxer Double Free Vulnerability (Windows)
[802479] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 oct12 (Windows)
[802478] Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 Oct (Windows)
[802473] Google Chrome Multiple Vulnerabilities-02 Oct12 (Windows)
[802470] Google Chrome Multiple Vulnerabilities-01 Oct12 (Windows)
[802468] Compatibility Issues Affecting Signed Microsoft Binaries (2749655)
[802462] Microsoft ActiveSync Null Pointer Dereference Denial Of Service Vulnerability
[802451] Google Chrome Multiple Vulnerabilities - Sep12 (Windows)
[802450] Opera Address Bar Spoofing Vulnerability (Windows)
[802444] XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
[802443] XnView PSD Record Type Parsing Integer Overflow Vulnerabilities (Windows)
[802435] Opera 'X.509' Certificates Spoofing Vulnerability (Windows)
[802420] VLC Media Player '.amr' File Denial of Service Vulnerability (Windows)
[802403] MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)
[802398] Adobe Shockwave Player Multiple Vulnerabilities - Feb 2012 (Windows)
[802395] Opera Large Integer Argument Denial of Service Vulnerability (Windows)
[802374] Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
[802365] Opera Cache History Information Disclosure Vulnerability (Windows)
[802363] Opera Multiple Information Disclosure Vulnerabilities (Windows)
[802361] Opera Multiple Vulnerabilities - December11 (Windows)
[802358] Google Chrome Cache History Information Disclosure Vulnerabilities (Windows)
[802355] Google Chrome Multiple Information Disclosure Vulnerabilities (Windows)
[802349] PHP EXIF Header Denial of Service Vulnerability (Windows)
[802345] Google Chrome Multiple Vulnerabilities - November11 (Windows)
[802343] ChaSen Buffer Overflow Vulnerability (Windows)
[802338] Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerability (Windows)
[802332] Opera Extended Validation Information Disclosure Vulnerabilities (Windows)
[802330] PHP Multiple Vulnerabilities (Windows) - Sep 2011
[802326] Google Chrome multiple vulnerabilities - September11 (Windows)
[802316] Google Chrome Multiple Vulnerabilities - August11 (Windows)
[802314] Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
[802313] Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)
[802309] XnView File Search Path Executable File Injection Vulnerability (Windows)
[802303] Google Chrome WebGL Texture Information Disclosure Vulnerability (Windows)
[802300] Tor Directory Authority 'policy_summarize' Denial of Service Vulnerability (Windows)
[802292] IBM Informix Dynamic Server 'oninit.exe' Buffer Overflow Vulnerability (Windows)
[802287] Microsoft Internet Explorer Cache Objects History Information Disclosure Vulnerability
[802286] Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities
[802284] Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
[802282] Apple Safari WebKit Information Disclosure Vulnerability (Windows)
[802278] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
[802277] Oracle Java SE Java Runtime Environment Unspecified Vulnerability - October 2011 (Windows)
[802276] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows04)
[802275] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows03)
[802274] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows02)
[802273] Oracle Java SE Multiple Vulnerabilities - October 2011 (Windows01)
[802262] Google Chrome Multiple Vulnerabilities - October11 (Windows)
[802255] Google Chrome Multiple Vulnerabilities - October11 (Windows)
[802249] Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows)
[802248] Wireshark Multiple Denial of Service Vulnerabilities (Windows)
[802237] Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
[802227] IBM Lotus Symphony Multiple Vulnerabilities (Windows)
[802219] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04
[802218] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
[802217] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
[802216] Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
[802215] Mozilla Firefox Security Bypass Vulnerability July-11 (Windows)
[802214] Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows)
[802213] Mozilla Products Multiple Vulnerabilities July-11 (Windows)
[802212] Mozilla Firefox Multiple Vulnerabilities July-11 (Windows)
[802211] Mozilla Products WebGL Information Disclosure Vulnerability July-11 (Windows)
[802206] Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
[802203] Microsoft Internet Explorer Cookie Hijacking Vulnerability
[802202] Microsoft Internet Explorer Cookie Hijacking Vulnerability
[802201] Wireshark 'bytes_repr_len' Function Denial of Service Vulnerability (Windows)
[802200] Wireshark Multiple Denial of Service Vulnerabilities (Windows)
[802198] Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)
[802175] Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows 01)
[802174] Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption Vulnerabilities (Windows)
[802173] Mozilla Products 'YARR' Code Execution Vulnerability (Windows)
[802172] Mozilla Products Same Origin Policy Bypass Vulnerability (Windows)
[802171] Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (Windows)
[802170] Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Windows)
[802169] Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows)
[802166] Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)
[802165] Adobe Reader Unspecified Vulnerability (Windows)
[802153] Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
[802152] Mozilla Products Information Disclosure and Security Bypass Vulnerabilities (Windows)
[802151] Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows)
[802150] Mozilla Products Multiple Vulnerabilities (Windows)
[802149] Mozilla Firefox Untrusted Search Path Vulnerability (Windows)
[802147] Mozilla Products 'SVG' Code Execution Vulnerability (Windows)
[802141] Opera 'HTTPS-Session' Multiple Vulnerabilities (Windows)
[802138] Mozilla Firefox Multiple Vulnerabilities August-11 (Windows)
[802133] Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
[802126] Google Chrome 'GetWidget' methods DoS Vulnerability (Windows)
[802119] VLC Media Player 'AMV' Denial of Service Vulnerability (Windows)
[802113] Opera Browser 'SRC' Denial of Service Vulnerability (Windows)
[802112] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802111] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802110] Adobe Reader and Acrobat Multiple BOF Vulnerabilities June-2011 (Windows)
[802107] Opera Browser Multiple Vulnerabilities Jul-11 (Windows)
[802102] Google Chrome Multiple Vulnerabilities - June 11(Windows)
[802100] Mozilla Firefox SSL Certificate Spoofing Vulnerability (Windows)
[801951] Novell iPrint Client 'printer-url' Multiple BOF Vulnerabilities (Windows)
[801935] Microsoft Silverlight Multiple Memory Leak Vulnerabilities
[801934] Microsoft Silverlight Version Detection
[801921] Adobe Products Arbitrary Code Execution Vulnerability (Windows)
[801905] Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities March-11 (Windows)
[801904] Mozilla Products Buffer Overflow Vulnerability March-11 (Windows)
[801903] Mozilla Products Multiple Unspecified Vulnerabilities March-11 (Windows)
[801902] Mozilla Products Multiple Vulnerabilities March-11 (Windows)
[801898] TigerVNC SSL Certificate Validation Security Bypass Vulnerability (Windows)
[801897] TigerVNC Version Detection (Windows)
[801890] Google Chrome Multiple Denial of Service Vulnerabilities - May11 (Windows)
[801887] Mozilla Products Unspecified Vulnerability May-11 (Windows)
[801886] Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows)
[801885] Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 02
[801884] Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01
[801883] Mozilla Products Multiple Vulnerabilities May-11 (Windows)
[801878] Google Chrome multiple vulnerabilities - May11 (Windows)
[801876] Microsoft Internet Explorer 'msxml.dll' Information Disclosure Vulnerability
[801875] Mozilla Firefox Information Disclosure Vulnerability (Windows)
[801872] Synergy Protocol Information Disclosure Vulnerability (Windows)
[801871] Synergy Version Detection (Windows)
[801855] Google Chrome multiple vulnerabilities - March 11 (Windows)
[801847] Adobe Flash Player Multiple Vulnerabilities February-2011 (Windows)
[801844] Adobe Reader and Acrobat Multiple Vulnerabilities February-2011 (Windows)
[801831] Microsoft Internet Explorer Incorrect GUI Display Vulnerability
[801830] Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
[801825] Google Chrome multiple vulnerabilities - Jan11 (Windows)
[801797] Python Multiple Vulnerabilities (Windows)
[801795] Python Version Detection (Windows)
[801792] Adobe Flash Player Multiple Vulnerabilities May-2011 (Windows)
[801790] Perl Denial of Service Vulnerability (Windows)
[801789] Google Chrome 'Sandbox' Remote Code Execution Vulnerability (Windows)
[801788] Opera Browser 'SELECT' HTML Tag Remote Memory Corruption Vulnerability (Windows)
[801786] Wireshark Denial of Service and Buffer Overflow Vulnerabilities (Windows)
[801785] Wireshark X.509if Dissector Denial of service vulnerability (Windows)
[801784] VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Windows)
[801782] VLC Media Player 'Bookmark Creation' Buffer Overflow Vulnerability (Windows)
[801779] RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerability (Windows)
[801776] Google Chrome 'GPU process' Multiple Code Execution Vulnerabilities (Windows)
[801773] Google Chrome 'WebKit' CSS Implementation DoS Vulnerability (Windows)
[801772] Rsync Multiple Denial of Service Vulnerabilities (Windows)
[801771] Perl Laundering Security Bypass Vulnerability (Windows)
[801770] Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability (Windows)
[801769] Google Picasa Version Detection (Windows)
[801768] RealNetworks RealPlayer IVR File Processing Buffer Overflow Vulnerability (Windows)
[801763] Google Chrome Multiple Vulnerabilities - March 11(Windows)
[801761] Wireshark Denial of Service Vulnerability March-11 (Windows)
[801758] Wireshark Denial of Service Vulnerability March-11 (Windows)
[801757] Wireshark Multiple Vulnerabilities March-11 (Windows)
[801756] Wireshark Denial of Service Vulnerability - March-11 (Windows)
[801755] Wireshark Multiple Vulnerabilities - March-11 (Windows)
[801749] RealNetworks RealPlayer Buffer Overflow Vulnerability (Windows)
[801747] Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
[801742] Wireshark Denial of Service Vulnerability (Windows)
[801739] Google Chrome multiple vulnerabilities - February 11(Windows)
[801728] Opera Browser Multiple Vulnerabilities Feb-11 (Windows)
[801726] VLC Media Player 'CDG decoder' multiple buffer overflow vulnerabilities (Windows)
[801725] Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
[801723] Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
[801721] Microsoft Active Directory Denial of Service Vulnerability (953235)
[801715] Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
[801714] Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
[801709] Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
[801708] Vulnerability in Windows Media File Format Could Allow Remote Code Execution
[801707] Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
[801704] Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
[801702] Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
[801680] Apple QuickTime Multiple vulnerabilities - Dec10 (Windows)
[801678] Google Chrome multiple vulnerabilities - Dec10 (Windows)
[801677] Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
[801667] Google Chrome multiple vulnerabilities - Dec 10(Windows)
[801637] Mozilla Firefox Security Bypass Vulnerability (Windows)
[801629] Adobe Flash Player Multiple Vulnerabilities (Windows)
[801606] Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability
[801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
[801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
[801595] Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
[801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
[801581] MS Windows HID Functionality(Over USB) Code Execution Vulnerability
[801561] VMware Products Tools Local Privilege Escalation Vulnerability (Windows)
[801540] Google Chrome multiple vulnerabilities - November 10(Windows)
[801530] Oracle Java SE Multiple Vulnerabilities (Windows)
[801524] Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
[801520] Microsoft IIS ASP Stack Based Buffer Overflow Vulnerability
[801506] RealNetworks RealPlayer Multiple Vulnerabilities (Windows)
[801499] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801498] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801497] Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
[801495] Opera Browser Multiple Vulnerabilities December-10 (Windows)
[801491] Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
[801489] Microsoft Office Graphics Filters Remote Code Execution Vulnerabilities (968095)
[801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
[801485] Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
[801481] Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
[801480] Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
[801477] Adobe Products Content Code Execution Vulnerability (Windows)
[801475] Mozilla Firefox Unspecified Vulnerability Oct-10 (Windows)
[801474] Opera Browser Multiple Vulnerabilities October-10 (Windows)
[801473] Google Chrome multiple vulnerabilities - October 10(Windows)
[801471] Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows)
[801470] Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows)
[801469] Mozilla Products Unspecified Vulnerability (Windows)
[801468] Mozilla Products Multiple Unspecified Vulnerabilities (Windows)
[801467] Mozilla Products Multiple Vulnerabilities October-10 (Windows)
[801465] Adobe Flash Player Untrusted search path vulnerability (windows)
[801460] Google Chrome multiple unspecified vulnerabilities - October 10(Windows)
[801452] Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (Windows)
[801451] Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows)
[801450] Mozilla Products Multiple Vulnerabilities sep-10 (Windows)
[801447] Google Chrome multiple vulnerabilities (Windows) Sep10
[801429] VLC Media Player Meta-Information Denial of Service Vulnerability (Windows)
[801423] Novell iPrint Client Multiple Security Vulnerabilities (Windows)
[801399] MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
[801386] Mozilla Products Multiple Vulnerabilitie july-10 (Windows)
[801385] Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
[801365] Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
[801358] MS Windows Help and Support Center Remote Code Execution Vulnerability
[801349] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability (June-10)
[801348] Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability -june 10
[801347] Mozilla Firefox 'IFRAME' Denial Of Service vulnerability (Windows)
[801345] Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
[801344] Microsoft .NET '__VIEWSTATE' Cross-Site Scripting vulnerability
[801342] Microsoft ASP.NET Cross-Site Scripting vulnerability
[801331] Opera Browser 'document.write()' Code execution Vulnerability (Windows)
[801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
[801329] Google Chrome Cross Site Data Leakage Vulnerability (Windows)
[801319] VMware Products Multiple Vulnerabilities (Windows)
[801302] Skype Extras Manager Unspecified Vulnerability (Windows)
[801301] Skype Version Detection (Windows)
[801257] Opera Browser Multiple Vulnerabilities August-10 (Windows)
[801216] Opera 'IFRAME' Denial Of Service vulnerability (Windows)
[801109] Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09
[801000] Visualization Library Multiple Unspecified Vulnerabilities (Windows)
[800999] Visualization Library Version Detection (Windows)
[800968] Microsoft SharePoint Team Services Information Disclosure Vulnerability
[800967] Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
[800966] Perl Version Detection (Windows)
[800910] Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
[800902] Microsoft Internet Explorer XSS Vulnerability - July09
[800872] Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09
[800863] Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09
[800861] Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
[800845] Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
[800829] Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability
[800770] Google Chrome Multiple Vulnerabilities Windows - May10
[800761] HP System Management Homepage Unspecified Vulnerability (Windows)
[800755] Mozilla Products Firebug Code Execution Vulnerability (Windows)
[800753] Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows)
[800752] Mozilla Products Multiple Code Execution vulnerabilities (Windows
[800751] Mozilla Products 'nsTreeSelection' Denial of Service vulnerability (Windows)
[800750] Mozilla Products Denial of Service Vulnerability (Windows)
[800742] Microsoft Internet Explorer Unspecified vulnerability
[800700] Microsoft GDIPlus PNG Infinite Loop Vulnerability
[800669] Microsoft Internet Explorer Denial Of Service Vulnerability - July09
[800505] Microsoft HTML Help Workshop buffer overflow vulnerability
[800499] Oracle Java SE Multiple Vulnerabilities (Windows)
[800481] Microsoft SharePoint Cross Site Scripting Vulnerability
[800461] Microsoft Internet Explorer Information Disclosure Vulnerability (980088)
[800435] Google SketchUp Multiple Vulnerabilities (Windows)
[800429] Microsoft Internet Explorer Remote Code Execution Vulnerability (979352)
[800382] Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
[800347] Microsoft Internet Explorer Clickjacking Vulnerability
[800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
[800337] Microsoft Internet Explorer NULL Pointer DoS Vulnerability
[800267] Microsoft GDIPlus Library File Integer Overflow Vulnerability
[800247] Wireshark Multiple Vulnerabilities Feb-09 (Windows)
[800218] Microsoft Money 'prtstb06.dll' Denial of Service vulnerability
[800217] Microsoft Money Version Detection
[800215] PGP Desktop Version Detection (Windows)
[800209] Microsoft Internet Explorer Version Detection (Win)
[800208] Microsoft Internet Explorer Anti-XSS Filter Vulnerabilities
[800192] HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Windows
[800120] Google Chrome Version Detection (Windows)
[800106] Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)
[800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
[800082] Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability
[800040] Wireshark Multiple Vulnerabilities - Oct08 (Windows)
[800016] Mozilla SeaMonkey Version Detection (Windows)
[800000] VMWare products version detection (Windows)
[103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
[102015] Microsoft RPC Interface Buffer Overrun (KB824146)
[101100] Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
[101018] Windows SharePoint Services detection
[101017] Microsoft MS03-018 security check
[101016] Microsoft MS03-022 security check
[101015] Microsoft MS03-034 security check
[101014] Microsoft MS00-078 security check
[101012] Microsoft MS03-051 security check
[101010] Microsoft Security Bulletin MS05-004
[101009] Microsoft Security Bulletin MS06-033
[101007] Microsoft dotNET version grabber
[101006] Microsoft Security Bulletin MS06-056
[101005] Microsoft Security Bulletin MS07-040
[101004] Microsoft MS04-017 security check
[101003] Microsoft MS00-058 security check
[101000] Microsoft MS00-060 security check
[100952] Microsoft IIS FTPd NLST stack overflow
[100950] Microsoft DNS server internal hostname disclosure detection
[100608] Windows NT NNTP Component Buffer Overflow
[100607] Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
[100357] Cisco VPN Client for Windows 'StartServiceCtrlDispatche' Local Denial of Service Vulnerability
[100062] Microsoft Remote Desktop Protocol Detection
[96204] Get Windows Eventlog Entries over WMI
[90020] Windows vulnerability in DNS Client Could Allow Spoofing (945553)
[80007] Microsoft MS00-06 security check
[64922] Debian Security Advisory DSA 1890-1 (wxwindows2.4 wxwidgets2.6 wxwidgets2.8)
[20377] Windows Server Update Services detection
[14229] HTTP Directory Traversal (Windows)
[13752] Denial of Service (DoS) in Microsoft SMS Client
[11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
[11887] Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
[11808] Microsoft RPC Interface Buffer Overrun (823980)
[11443] Microsoft IIS UNC Mapped Virtual Host Vulnerability
[11433] Microsoft ISA Server DNS - Denial Of Service (MS03-009)
[11429] Windows Messenger is installed
[11217] Microsoft's SQL Version Query
[11177] Flaw in Microsoft VM Could Allow Code Execution (810030)
[11160] Windows Administrator NULL FTP password
[11147] Unchecked Buffer in Windows Help(Q323255)
[11146] Microsoft RDP flaws could allow sniffing and DOS(Q324380)
[11091] Windows Network Manager Privilege Elevation (Q326886)
[11067] Microsoft's SQL Hello Overflow
[10964] Windows Debugger flaw can Lead to Elevated Privileges (Q320206)
[10930] HTTP Windows 98 MS/DOS device names DOS
[10929] FTP Windows 98 MS/DOS device names DOS
[10862] Microsoft's SQL Server Brute Force
[10755] Microsoft Exchange Public Folders Information Leak
[10680] Test Microsoft IIS Source Fragment Disclosure
[10674] Microsoft's SQL UDP Info Query
[10673] Microsoft's SQL Blank Password
[10491] ASP/ASA source using Microsoft Translate f: bug
[10144] Microsoft SQL TCP/IP listener is running
SecurityTracker - https://www.securitytracker.com:
[1028903] Microsoft Windows Unicode Scripts Processor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1028754] Microsoft Windows Defender Pathname Bug Lets Local Users Gain Elevated Privileges
[1028748] Microsoft Windows GDI+ TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1027934] Microsoft Windows Includes Some Invalid TURKTRUST Certificates
[1027389] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027385] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027384] Microsoft Host Integration Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027383] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027381] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027380] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1027114] Microsoft Windows Includes Some Invalid Certificates
[1027043] Microsoft Windows Partition Manager Memory Allocation Error Lets Local Users Gain Elevated Privileges
[1026905] Microsoft BizTalk Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026904] Microsoft Visual Basic Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026903] Microsoft Visual FoxPro Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026902] Microsoft Commerce Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026900] Microsoft Office Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026899] Microsoft SQL Server Windows Common Controls (MSCOMCTL.OCX) Bug Lets Remote Users Execute Arbitrary Code
[1026685] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1026497] Microsoft Windows ClickOnce Feature Lets Remote Users Execute Arbitrary Code
[1026271] Microsoft Windows TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1026167] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1026103] Microsoft Windows SSL/TLS Protocol Flaw Lets Remote Users Decryption Sessions
[1026041] Microsoft Windows Components DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026037] Microsoft Windows Internet Name Service (WINS) Input Validation Flaw in ECommEndDlg() Lets Local Users Gain Elevated Privileges
[1025937] Microsoft Windows DHCPv6 Processing Flaw Lets Remote Denial of Service to RPC Services
[1025760] Microsoft Windows Bluetooth Stack Memory Access Error Lets Remote Users Execute Arbitrary Code
[1025643] Microsoft Windows Ancillary Function Driver Lets Local Users Gain Elevated Privileges
[1025634] Microsoft Windows OLE Automation Underflow Lets Remote Users Execute Arbitrary Code
[1025512] Microsoft Windows Internet Name Service Socket Send Exception Handling Bug Lets Remote Users Execute Arbitrary Code
[1025330] Microsoft WMITools and Windows Messenger ActiveX Controls Let Remote Users Execute Arbitrary Code
[1025312] Microsoft Windows Kernel Bug in AFD.sys Lets Local Users Deny Service
[1025248] Microsoft Windows Includes Some Invalid Comodo Certificates
[1024879] Microsoft Windows Internet Connection Signup Wizard May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024877] Microsoft Windows May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024874] Microsoft Windows Task Scheduler Lets Local Users Gain Elevated Privileges
[1024441] Microsoft Windows RPC Memory Allocation Error Lets Remote Users Execute Arbitrary Code
[1024312] Microsoft Windows Tracing Feature for Services Lets Local Users Gain Elevated Privileges
[1024216] Microsoft Windows Shell LNK Shortcut Processing Flaw Lets Users Execute Arbitrary Code
[1023571] Microsoft Windows Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
[1023566] Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service
[1023495] Microsoft Internet Explorer and Windows OS Shell Handler URL Validation Flaw Lets Remote Users Execute Arbitrary Code
[1022710] Microsoft Windows Internet Name Service (WINS) Buffer Overflows Let Remote Users Execute Arbitrary Code
[1022330] Microsoft Windows Bug in SETDESKWALLPAPER and GETDESKWALLPAPER Calls Let Local Users Deny Service
[1022047] Microsoft Windows SearchPath Function May Let Remote Users Execute Arbitrary Code
[1022044] Microsoft Windows Privilege Separation and Access Control Bugs Let Local Users Gain Elevated Privileges
[1021629] Microsoft Windows Guidelines for Disabling AutoRun are Ineffective and May Permit Code Execution
[1021369] Microsoft Visual Basic DataGrid/FlexGrid/Heirarchival FlexGrid/Windows Common/Charts ActiveX Controls Let Remote Users Execute Arbitrary Code
[1020678] Microsoft Windows IPSec Policy May Not Be Enforced in Certain Cases
[1020677] Microsoft Windows Event System Bugs Let Remote Authenticated Users Execute Arbitrary Code
[1020446] Microsoft Windows AutoRun Bug May Let Users Execute Arbitrary Code
[1020006] Microsoft Windows XP 'i2omgmt.sys' Input Validation Flaw Lets Local Users Gain Elevated Privileges
[1019165] Microsoft Windows LSASS Lets Local Users Gain Elevated Privileges
[1018942] Microsoft Windows DNS Service Insufficent Entropy Lets Remote Users Spoof the DNS Service
[1018831] Microsoft Windows ShellExecute() URI Handler Bug Lets Remote Users Execute Arbitrary Commands
[1017910] Microsoft Windows DNS Service RPC Stack Overflow Lets Remote Users Execute Arbitrary Code
[1017901] Microsoft Windows Help File Heap Overflow Lets Remote Users Execute Arbitrary Code
[1017827] Microsoft Windows Animated Cursor Bug Lets Remote Users Execute Arbitrary Code
[1017736] Microsoft Windows Explorer OLE Parsing Bug Lets Users Deny Service
[1017641] Microsoft Windows RichEdit OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017636] Microsoft Windows Defender Integer Overflow in Parsing PDF Files Lets Remote Users Execute Arbitrary Code
[1017441] Microsoft Windows Workstation Service Memory Allocation Error in NetrWkstaUserEnum() Lets Remote Users Deny Service
[1017369] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code
[1017168] Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges
[1016941] Microsoft Windows Shell Integer Overflow Lets Remote Users Execute Arbitrary Code
[1016388] Microsoft Windows Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications
[1016339] Microsoft Windows 'hlink.dll' Buffer Overflow in Processing Hyperlinks Lets Remote Users Execute Arbitrary Code
[1016292] Microsoft Windows Buffer Overflow in AOL ART Image Rendering Library Lets Remote Users Execute Arbitrary Code
[1016290] Microsoft Windows Buffer Overflow in TCP/IP Stack Lets Remote Users Execute Arbitrary Code
[1016286] Microsoft Windows 98 Graphics Rendering Engine Buffer Overflow in Processing WMF Images Lets Remote Users Execute Arbitrary Code
[1015898] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
[1015897] Microsoft Windows Explorer COM Object Bug Lets Remote Users Execute Arbitrary Code
[1015765] Microsoft Windows Services Have Unsafe Default ACLs That Let Remote Authenticated Users Gain Elevated Privileges
[1015630] Microsoft Windows Web Client Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1015629] Microsoft Windows IGMP Processing Bug Lets Remote Users Deny Service
[1015595] Microsoft Windows UPnP/NetBT/SCardSvr/SSDP Services May Be Incorrectly Configured By 3rd Party Applications, Allowing Local Users to Gain Elevated Privileges
[1015459] Microsoft Windows Embedded Web Fonts Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015453] Microsoft Windows Graphics Rendering Engine WMF File Memory Access Error Lets Remote Users Execute Arbitrary Code
[1015416] Microsoft Windows Unspecified WMF Rendering Bug Lets Remote Users Execute Arbitrary Code
[1015349] Microsoft Windows Internet Explorer May Let Remote Users Obfuscate the Download Dialog Box
[1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
[1015233] Microsoft Windows RPC Service May Let Remote Users Deny Service
[1015168] Microsoft Windows Buffer Overflows in Graphics Rendering Engine Lets Remote Users Execute Arbitrary Code
[1015049] Microsoft Internet Explorer Drag-and-Drop Timing May Let Remote Users Install Arbitrary Files
[1015044] Microsoft Windows Multiple COM Objects Let Remote Users Execute Arbitrary Code
[1015042] Microsoft Windows Plug and Play Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015040] Microsoft Windows Shell Bugs in Processing '.lnk' Files and in Web View Preview Mode Lets Remote Users Execute Arbitrary Code
[1015039] Microsoft Windows Buffer Overflow in Collaboration Data Objects Lets Remote Users Execute Arbitrary Code
[1015037] Microsoft Windows Buffer Overflows in MSDTC and COM+ Let Remote Users Execute Arbitrary Code and Local User Gain Elevated Privileges
[1015036] Microsoft Windows FTP Client Input Validation Hole Lets Remote Servers Create/Overwrite Files on the Target User's System
[1014829] Microsoft Windows Firewall User Interface May Not Properly Display Exception Rules
[1014642] Microsoft Windows Kerberos and PKINIT Vulnerabilities Allow Denial of Service, Information Disclosure, and Spoofing
[1014640] Microsoft Windows Plug and Play Stack Overflow Lets Remote Users Execute Arbitrary Code
[1014639] Microsoft Windows Telephony Service Remote Code Execution or Local Privilege Escalation
[1014638] Microsoft Windows Print Spooler Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1014498] Microsoft Windows Remote Desktop Protocol Bug Lets Remote Users Deny Service
[1014417] Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users
[1014198] Microsoft Windows Buffer Overflow in Processing Server Message Block Packets Lets Remote Users Execute Arbitrary Code
[1014196] Microsoft Windows Buffer Overflow in Web Client Service Lets Remote Authenticated Users Execute Arbitrary Code
[1013761] Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
[1013689] Microsoft Windows Shell MSHTA Lets Remote Users Code Execute Arbitrary Scripting Code
[1013688] Microsoft Windows Kernel and Font Buffer Overflows Let Local Users Deny Service or Obtain System Privileges
[1013686] Microsoft Windows TCP, IP, and ICMP Processing Errors Let Remote Users Deny Service and Execute Arbitrary Code
[1013552] Microsoft Windows Remote Desktop 'TSShutdn.exe' Lets Remote Authenticated Users Shutdown the System
[1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
[1013120] Microsoft Windows OLE Buffer Overflow Lets Remote Users Execute Arbitrary Code and COM Access Flaw Lets Remote Authenticated Users Gain Elevated Privileges
[1013119] Microsoft Windows Hyperlink Object Library Lets Remote Users Execute Arbitrary Code
[1013117] Microsoft Windows License Logging Service Lets Remote Users Execute Arbitrary Code
[1013115] Microsoft Windows Media Player Buffer Overflow in Processing PNG Files Lets Remote Users Execute Arbitrary Code
[1013114] Microsoft Windows SMB Lets Remote Users Execute Arbitrary Code
[1013112] Microsoft Windows XP Named Pipe Validation Error Lets Remote Users Obtain Information
[1012891] Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed With Dynamic IFRAME Tag
[1012684] Microsoft Windows LoadImage API Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1012683] Microsoft Windows ANI File Parsing Errors Let Remote Users Deny Service
[1012682] Microsoft Windows Help System Buffer Overflows in Processing Phrase Compressed Help Files Lets Remote Users Execute Arbitrary Code
[1012626] Microsoft Windows Media Player setItemInfo Lets Remote Users Execute Arbitrary Code
[1012515] Microsoft Windows NT 4.0 Buffer Overflows in the Logging and Processing of DHCP Packets May Let Remote Users Execute Arbitrary Code
[1012513] Microsoft Windows Kernel Buffer Overflow in Processing Local Procedure Call Messages Lets Local Users Gain System Privileges
[1012458] Microsoft Internet Explorer Lets Remote Users Inject Content into Open Windows
[1012435] Microsoft Windows Resource Kit Buffer Overflow and Input Validation Holes in 'w3who.dll' May Permit Remote Code Execution and Cross-Site Scripting Attacks
[1011940] Microsoft Remote Desktop on Windows XP Lets Remote Authenticated Users Restart the System
[1011880] Microsoft Windows XP Error in Explorer in Processing WAV Files Lets Remote Users Deny Service
[1011859] Microsoft Internet Explorer on Windows XP Fails to Restrict Drag and Drop Operations When Configured to Disable These Operations
[1011647] Microsoft Windows Shell Buffer Overflows Let Remote Users Execute Arbitrary Code
[1011637] Microsoft Windows Buffer Overflow in Processing Compressed Folders Lets Remote Users Execute Arbitrary Code
[1010996] Microsoft Windows XP SP2 Local Computer Scripting Restrictions Can Be Bypassed With a Specially Crafted MHT File
[1010959] Microsoft Windows Explorer (in XP SP2) May Fail to Warn Users When Executing Untrusted Files
[1010688] Microsoft Windows Task Scheduler Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
[1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
[1010314] Microsoft Windows IPSec Filtering Can Be Bypassed By Remote Users
[1009940] Microsoft Windows Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code
[1009776] Microsoft Windows Kernel Local Descriptor Table Flaw Lets Local Users Gain Elevated Privileges
[1009771] Microsoft Windows Negotiate Security Software Provider (SSP) Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code
[1009770] Microsoft Windows Management Interface Provider Lets Local Users Gain Elevated Privileges
[1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
[1009762] Microsoft Windows COM Internet Services and RPC over HTTP Can Be Crashed By Remote Users
[1009761] Microsoft Windows COM Object Identifier Creation Flaw May Let Remote Users Cause Applications to Open Network Ports
[1009758] Microsoft Windows RCP Memory Leak Lets Remote Users Deny Service
[1009673] Microsoft Windows XP 'mswebdvd.dll' Buffer Overflow Lets Remote Users Deny Service
[1009359] Microsoft Windows Media Services Can Be Crashed By Remote Users
[1009181] Microsoft Windows Explorer Heap Overflow in Processing '.emf' Files Permits Code Execution
[1009008] Microsoft Windows Internet Naming Service (WINS) Length Validation Flaw Lets Remote Users Deny Service
[1008699] Microsoft Windows Buffer Overflow in MDAC Lets Remote Users Execute Arbitrary Code
[1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
[1008146] Microsoft Windows Workstation Service (wkssvc.dll) Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Privileges
[1007933] Microsoft Windows Messenger Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With Local System Privileges
[1007932] Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1007922] Microsoft Windows RPC Multi-threaded Race Condition Lets Remote Users Crash the Service or Execute Arbitrary Code
[1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
[1007874] Microsoft Windows OS PostThreadMessage() API Permits Local Users to Terminate Processes That Have Message Queues
[1007670] Microsoft Windows Remote Procedure Call (RPC) DCOM Activation Buffer Overflows Let Remote Users Execute Arbitrary Code
[1007615] Microsoft Windows NetBIOS Name Service May Disclose Memory Contents to Remote Users
[1007281] Microsoft Windows NT File Management Flaw May Let Remote Users Crash Certain Applications
[1007214] Microsoft Windows XP Shell Buffer Overflow in Processing Folder Display Attributes Permits Remote Code Execution
[1007212] Microsoft Windows Remote Procedure Call (RPC) Service Buffer Overflow in Processing DCOM Requests Allows Remote Code Execution
[1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
[1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
[1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
[1007059] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Has Another Buffer Overflow That Lets Remote Execute Arbitrary Code
[1007057] Microsoft Windows Media Player Access Control Flaw Lets Remote Users View, Modify, and Delete Media Library Metadata
[1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
[1006866] Microsoft Windows Media Services (nsiislog.dll) Extension to Internet Information Server (IIS) Lets Remote Execute Arbitrary Code
[1006803] Microsoft Windows Can Be Crashed By Remote Users via Malformed NetMeeting URLs
[1006588] Microsoft Windows OS Kernel Messaging Buffer Overflow Lets Local Users Gain Full Control of the System
[1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
[1006532] Microsoft Windows VM Input Validation Flaw in ByteCode Verifier Lets Malicious Java Applets Execute Arbitrary Code
[1006447] Microsoft Windows Terminal Services RDP Implementation Does Not Validate Server Identity, Allowing Man-in-the-Middle Attacks
[1006323] Microsoft Windows Buffer Overflow in Windows Script Engine JScript.DLL Lets Remote Users Execute Arbitrary Code
[1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
[1006179] Microsoft Windows Me Help and Support Center URL Handler Overflow Lets Remote Users Execute Arbitrary Code
[1006121] Microsoft Windows 'riched20.DLL' Buffer Overflow May Let Remote Users Crash Applications
[1006045] Microsoft Windows XP Redirector Buffer Overflow May Let Local Users Gain System Level Privileges
[1005986] Microsoft Windows Terminal Server MSGINA.DLL Flaw Lets Remote Authenticated Users Reboot the Server
[1005859] Microsoft Windows File Protection Mechanism Weakness in Trusting Code-Signing Certificate Chains Lets Arbitrary Remote Users Sign Code That Will Be Trusted By Windows
[1005858] Microsoft Windows File Protection Weakness May Let Local Users Replace Code With Previous Vulnerable Versions Without Detection
[1005833] Microsoft Windows XP Shell Buffer Overflow in Processing Audio Files Allows Remote Users to Execute Arbitrary Code
[1005799] Microsoft Windows OS Bug in Processing WM_TIMER Messages May Let Local Users Gain Elevated Privileges
[1005761] Microsoft Windows XP Wireless LAN Support May Disclose Access Point Information to Remote Users
[1005455] Microsoft Windows Remote Procedure Call (RPC) Service Null Pointer Dereference Allows Remote Users to Crash the Service
[1005454] Microsoft Windows Media Player for Solaris Uses Unsafe Default Permissions
[1005343] Microsoft Windows Help System Bug in Processing Compiled HTML Help Files Lets Remote Users Execute Arbitrary Commands in the Local Computer Security Zone
[1005336] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Files to Be Created
[1005335] Microsoft Windows Operating System Compressed Folders Allow Arbitrary Code to Be Executed
[1005332] Microsoft Windows Help System Buffer Overflow in 'hhctrl.ocx' Lets Remote Users Execute Arbitrary Code
[1005256] (Vendor Issues Fix) Microsoft Windows XP Remote Desktop Implementation Bug Lets Remote Users Crash the Operating System
[1005242] Microsoft Windows XP Remote Desktop Can Be Crashed By Remote Users Sending a Modified RDP Packet
[1005150] Microsoft Windows Operating System Certificate Enrollment ActiveX Control Allows Remote Users to Delete Certificates on a Target User's System
[1005108] Microsoft Windows Media Player Allows Malicious Windows Media Download (.wmd) Files to Silently Create Files in a Known Location and Execute Them
[1005070] Microsoft Internet Explorer (IE) Browser Error Message Processing Allows Remote Users to Execute Arbitrary Code on Certain Windows 98 Platforms
[1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
[1005063] Microsoft Windows XP Help and Support Center Hole Lets Remote Users Create URLs That, When Loaded, Will Delete Arbitrary Files on Your System
[1004441] Microsoft Windows Help System Buffer Overflows in 'htctrl.ocx' ActiveX Control May Let Remote Users Execute Arbitrary Code on a Target User's Computer By Sending Malicious HTML
[1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
[1004236] L.Y.S.I.A.S. Lidik Web Server for Microsoft Windows Systems Lets Remote Users View Files Located Anywhere on the Partition
[1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
[1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
[1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
[1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
[1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
[1003764] Microsoft Windows Operating System Shell URL Handler Bug Lets Remote Users Create HTML That Could Cause Arbitrary Code to Be Executed on Another User's System in Certain Situations
[1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
[1003686] Microsoft Windows SMTP Service Lets Remote Users Send or Relay Unauthorized Mail (including SPAM) Via the Server
[1003633] Microsoft XML Core Services in Microsoft Windows XP Operating System Lets Remote Scripts Access and Send Local Files
[1003591] Microsoft Windows Terminal Services May Cause the System's Screen Saver Lockout Mechanism to Fail in Certain Situations
[1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
[1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
[1003369] PGPfire Personal Firewall for Microsoft Windows Discloses Identifying Information to Remote Users
[1003310] Microsoft Windows NT/2000 Authentication Lockout Bug May Record Successful Logins as Failed Login Attempts in Certain Situations
[1003308] Microsoft Windows XP Manifest Processing Bug Lets Local Users Corrupt the System and Cause the Boot Process to Fail
[1003257] Microsoft Windows XP Upgrade Effectively Removes Patches from Internet Explorer (IE) During Upgrade, Leaving Users Exposed to IE Vulnerabilities
[1003239] Python Language Implementation on Microsoft Windows Allows a Remote Server to Access Files on a Web Surfing User's PC
[1003228] Microsoft Windows Media Player Discloses Unique ID to Remote Users in the Default Configuration, Allowing Web Sites to Track Users
[1003221] Microsoft Internet Explorer (IE) Default Configuration Allows HTML-based Scripts to Access Your Windows Clipboard Contents
[1003201] Microsoft Windows 95 Backup Utility Has Buffer Overflow That Could Cause Denial of Service Conditions
[1003121] Microsoft Windows XP Task Manager Will Not Kill Certain Processes
[1003041] Microsoft Windows XP Remote Desktop Client May Disclose Recently Used Account Names to Remote Users
[1003028] Microsoft Windows Universal Plug and Play Component Buffer Overflow Gives Remote Users System Level Access to Windows XP and 98/ME Hosts
[1003003] Microsoft Windows XP Hot Key Function Lets Physically Local Users Execute Administrator Hot Key Functions in Certain Situations
[1002979] Microsoft Windows Explorer Discloses Stored FTP Passwords to Local Users
[1002926] Microsoft Windows Operating System File Locking Design May Allow Local Users to Block Group Policy Scripts
[1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
[1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
[1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
[1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
[1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
[1002601] Microsoft Windows Me Universal Plug and Play (UPnP) Ssdpsrv.exe Server Component Can Be Crashed by Remote Users
[1002519] TYPSoft FTP Server for Microsoft Windows Can Be Crashed by Remote Users
[1002418] Counterpane's Password Safe Password Encryption Utility for Microsoft Windows May Disclose Passwords to Local Users in Certain Situations
[1002394] Microsoft Windows NT Remote Procedure Call (RPC) Services Can Be Crashed With Malformed Packets
[1002201] Microsoft Windows TCP/IP Stack Vulnerable to a Certain Man-in-the-Middle Denial of Service Attack
[1002197] Microsoft Windows NNTP Network News Service Has a Memory Leak That Allows Remote Users to Cause the Server to Crash
[1002124] Microsoft Windows 98 Operating System Can Be Crashed When Running a Web Server or Other Servers And the AUX Device is Accessed By the Program
[1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
[1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
[1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
[1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
[1001992] Microsoft Windows NT Lets Remote Users Cause Increased Packet Overhead and Increased CPU Resource Consumption
[1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
[1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
[1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
[1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
[1001603] Microsoft Windows Media Player May Allow Remote Users to Execute Code Contained in Internet Shortcuts and View Files on the Media Player's Host
[1001587] Microsoft Word for Windows and for Mac May Run Macros Linked By RTF Documents Without Warning
[1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
[1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
[1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
[1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
[1001467] Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
[1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
[1001360] Microsoft Windows Operating System DLL May Allow Malicious Remote Scripts to Run Code on the User's Host Without the User's Intervention
[1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
[1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
[1001110] A Microsoft German-Language Hotfix for Windows NT 4 Incorrectly Displays Some Security Events as Other Security Events
[1028910] Windows TCP/IP Stack ICMPv6 Memory Allocation Flaw Lets Remote Users Deny Service
[1028909] Windows NAT Driver ICMP Processing Flaw Lets Remote Users Deny Service
[1028908] Microsoft Active Directory Federation Services Discloses Account Information to Remote Users
[1028907] Windows Kernel Lets Local Users Gain Elevated Privileges and Bypass ALSR
[1028906] Windows RPC Bug Lets Local Users Gain Elevated Privileges
[1028905] (Microsoft Issues Fix for Exchange Server) Oracle Fusion Middleware Bugs Let Remote Users Deny Service and Access and Modify Data
[1028904] (Microsoft Issues Fix for Exchange Server) Oracle PeopleSoft Products Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
[1028902] Microsoft Internet Explorer Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
[1028874] Windows Phone PEAP-MS-CHAPv2 Authentication Protocol Weakness May Let Remote Users Obtain Authentication Information
[1028759] (Microsoft Issues Fix for Internet Explorer) Adobe Flash Player Buffer Overflows Let Remote Users Execute Arbitrary Code
[1028756] Microsoft .NET Bug Lets Remote Users Execute Arbitrary Code and Bypass Security Restrictions
[1028755] Microsoft Silverlight Null Pointer Dereference Lets Remote Users Execute Arbitrary Code
[1028753] Windows Media Format Runtime Parsing Flaw in WMV Video Decoder Lets Remote Users Execute Arbitrary Code
[1028752] Microsoft DirectShow GIF Image Processing Flaw Lets Remote Users Execute Arbitrary Code
[1028751] Microsoft Office TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1028750] Microsoft Visual Studio .NET TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1028749] Microsoft Lync TrueType Font Parsing Flaw Lets Remote Users Execute Arbitrary Code
[1028746] Windows Kernel-Mode Drivers Bugs Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code
[1028745] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
[1028657] Windows Kernel Lets Local Users Obtain Information From Kernel Memory
[1028656] Windows Print Spooler Memory Error Lets Local Users Gain Elevated Privileges
[1028655] Windows TCP/IP Driver Bug Lets Remote Users Deny Service
[1028651] Microsoft Internet Explorer Multiple Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
[1028650] Microsoft Office Buffer Overflow in PNG Image Processing Lets Remote Users Execute Arbitrary Code
[1028591] Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
[1028561] Windows Essentials URI Handling Flaw Discloses Potentially Sensitive Information to Remote Users
[1028560] Microsoft Visio Discloses Information to Remote Users
[1028558] Microsoft .NET Flaws Let Remote Users Bypass Authentication and Bypass XML File Signature Verification
[1028557] Microsoft Malware Protection Engine Flaw Lets Remote Users Execute Arbitrary Code
[1028554] Windows Kernel-Mode Driver Bugs Lets Local Users Gain Elevated Privileges
[1028553] Microsoft Word RTF Shape Data Parsing Error Lets Remote Users Execute Arbitrary Code
[1028552] Microsoft Publisher Multiple Bugs Let Remote Users Execute Arbitrary Code
[1028551] Microsoft Lync Object Access Flaw Lets Remote Users Execute Arbitrary Code
[1028550] Microsoft Office Communicator Object Access Flaw Lets Remote Users Execute Arbitrary Code
[1028546] Windows HTTP Stack Header Processing Flaw Lets Remote Users Deny Service
[1028545] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
[1028514] Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code
[1028412] Microsoft SharePoint Server Discloses Files to Remote Authenticated Users
[1028411] Microsoft Office Web Apps Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
[1028410] Microsoft InfoPath Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
[1028409] Microsoft Groove Server Input Validation Flaw in Sanitization Component Permits Cross-Site Scripting Attacks
[1028408] Microsoft SharePoint Input Validation Flaw in HTML Sanitization Component Permits Cross-Site Scripting Attacks
[1028407] Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
[1028405] Microsoft Active Directory LDAP Processing Flaw Lets Remote Users Deny Service
[1028404] Microsoft Antimalware Client Path Name Flaw Lets Local Users Gain Elevated Privileges
[1028403] Windows Kernel Race Conditions Let Local Users Gain Elevated Privileges
[1028402] Windows Kernel-Mode Driver Bugs Lets Local Users Gain Elevated Privileges and Deny Service
[1028398] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1028397] Windows Remote Desktop Bug in ActiveX Control Lets Remote Users Execute Arbitrary Code
[1028394] NVIDIA Windows Driver Bugs Lets Local Users Gain Elevated Privileges
[1028341] Windows Modern Mail Lets Remote Users Spoof URLs in Email Messages
[1028281] Microsoft Office for Mac HTML Loading Bug Lets Remote Users Obtain Potentially Sensitive Information
[1028279] Microsoft OneNote Buffer Validation Flaw Lets Remote Users Obtain Potentially Sensitive Information
[1028278] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks
[1028276] Microsoft Visio Viewer Tree Object Type Confusion Error Lets Remote Users Execute Arbitrary Code
[1028275] Microsoft Internet Explorer Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
[1028274] Windows USB Driver Memory Error Lets Physically Local Users Gain Elevated Privileges
[1028273] Microsoft Silverlight Memory Pointer Dereference Lets Remote Users Execute Arbitrary Code
[1028129] Windows NFS Server Null Dereference Lets Remote Users Deny Service
[1028128] Windows TCP/IP Stack FIN WAIT Processing Flaw Lets Remote Users Deny Service
[1028127] Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
[1028126] Windows Kernel Lets Local Users Gain Elevated Privileges
[1028124] Windows Kernel-Mode Drivers Let Local Users Gain Elevated Privileges
[1028123] Microsoft .NET Bug Lets Remote Users Execute Arbitrary Code and Bypass Security Restrictions
[1028119] Microsoft DirectShow Media Decompression Flaw Lets Remote Users Execute Arbitrary Code
[1028118] Windows OLE Automation Memory Allocation Error Lets Remote Users Execute Arbitrary Code
[1028117] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Access Information Across Domains
[1028116] Microsoft Internet Explorer Vector Markup Language Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1027949] Microsoft .NET Open Data (OData) Protocol Bug Lets Remote Users Deny Service
[1027948] Microsoft System Center Configuration Manager Input Validation Flaws Permit Cross-Site Scripting Attacks
[1027947] Windows TCP/IP Stack Lets Remote Users Downgrade SSL/TLS Sessions
[1027946] Windows Kernel-Mode Drivers Bug Lets Local Users Gain Elevated Privileges
[1027945] Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
[1027944] Windows Print Spooler Bug Lets Remote Users Execute Arbitrary Code
[1027943] Microsoft XML Core Services (MSXML) XML Parsing Flaws Let Remote Users Execute Arbitrary Code
[1027930] Microsoft Internet Explorer CDwnBindInfo Object Reuse Flaw Lets Remote Users Execute Arbitrary Code
[1027870] Microsoft Internet Explorer Discloses Mouse Location to Remote Users
[1027860] Windows IP-HTTPS Certificate Processing Flaw Lets Remote Users Bypass Security Restrictions
[1027859] Microsoft DirectPlay Heap Overflow Lets Remote Users Execute Arbitrary Code
[1027857] Microsoft Exchange Server RSS Feed Bug Lets Remote Users Deny Service
[1027856] Windows Kernel-Mode Drivers Font Processing Flaw Lets Remote Users Execute Arbitrary Code
[1027855] Windows File Handling Component Memory Error Lets Remote Users Execute Arbitrary Code
[1027852] Microsoft Word RTF Parsing Error Lets Remote Users Execute Arbitrary Code
[1027851] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
[1027753] Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
[1027752] Microsoft Excel Buffer Overflow, Memory Corruption, and Use-After-Free Errors Let Remote Users Execute Arbitrary Code
[1027751] Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
[1027750] Windows Kernel Multiple Bugs Let Remote Users Execute Arbitrary Code and Local Users Obtain Elevated Privileges
[1027749] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
[1027748] Windows Shell Briefcase Integer Overflow and Underflow Let Remote Users Execute Arbitrary Code
[1027647] EMC NetWorker Module for Microsoft Applications Lets Remote Users Execute Arbitrary Code and Local Users Obtain Passwords
[1027629] Microsoft Office InfoPath HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
[1027628] Microsoft Office Communicator HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
[1027627] Microsoft Lync HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
[1027626] Microsoft SharePoint HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
[1027625] Microsoft Groove Server HTML Sanitizer Flaw Permits Cross-Site Scripting Attacks
[1027623] Microsoft SQL Server Input Validation Flaw in Reporting Services Permits Cross-Site Scripting Attacks
[1027622] Windows Kernel Integer Overflow Lets Local Users Gain Elevated Privileges
[1027621] Microsoft Works Heap Corruption Flaw Lets Remote Users Execute Arbitrary Code
[1027620] Microsoft Kerberos Null Pointer Dereference Lets Remote Users Deny Service
[1027618] Microsoft Word Memory Errors Let Remote Users Execute Arbitrary Code
[1027583] Adobe AIR Applications and Adobe Software for Windows Have Compromised Certificates
[1027555] Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
[1027541] Windows Phone Certificate Validation Flaw Lets Remote Users Spoof Secure E-mail Servers
[1027538] Microsoft Internet Explorer execCommand Flaw Lets Remote Users Execute Arbitrary Code
[1027522] Citrix XenApp Plug-in for Windows Lets Remote Users Execute Arbitrary Code
[1027512] Microsoft System Center Configuration Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
[1027511] Microsoft Visual Studio Team Foundation Server Input Validation Flaw Permits Cross-Site Scripting Attacks
[1027394] Microsoft Visio Buffer Overflow in Processing DXF Format Files Lets Remote Users Execute Arbitrary Code
[1027393] Microsoft Office CGM Graphics File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1027392] Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
[1027391] Windows Kernel-Mode Drivers Bug Lets Local Users Gain Elevated Privileges
[1027390] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1027379] Windows Print Spooler Remote Administration Protocol Format String and Buffer Overflows Let Remote Users Deny Service
[1027378] Windows Remote Desktop RDP Processing Flaw Lets Remote Users Execute Arbitrary Code
[1027335] Citrix Access Gateway Plug-in for Windows ActiveX Control Buffer Overflows Let Remote Users Execute Arbitrary Code
[1027295] Microsoft SharePoint Server Bugs in Oracle Outside In Libraries Let Remote Users Execute Arbitrary Code
[1027294] Microsoft Exchange Server Bugs in Oracle Outside In Libraries Let Remote Users Execute Arbitrary Code
[1027234] Microsoft Office for Mac Folder Permission Flaw Lets Local Users Gain Elevated Privileges
[1027233] Windows Schannel Lets Remote Users Decrypt TLS Traffic
[1027232] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting, Information Disclosure, and URL Redirection Attacks
[1027231] Windows Kernel-Mode Driver Bugs Lets Local Users Gain Elevated Privileges
[1027230] Windows Shell Command Injection Flaw Lets Remote Users Execute Arbitrary Code
[1027229] Microsoft Office DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1027228] Microsoft Visual Basic for Applications DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1027227] Microsoft Data Access Components (MDAC) ADO Cachesize Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1027226] Microsoft Internet Explorer Deleted Object Access Bugs Let Remote Users Execute Arbitrary Code
[1027223] Microsoft IIS Web Server Discloses Potentially Sensitive Information to Remote Users
[1027157] Microsoft XML Core Services (MSXML) Object Access Error Lets Remote Users Execute Arbitrary Code
[1027155] Windows Kernel Bug in User Mode Scheduler Lets Local Users Gain Elevated Privileges
[1027154] Windows Kernel-Mode Driver Bugs Lets Local Users Gain Elevated Privileges
[1027151] Microsoft Dynamics AX Input Validation Flaw Permits Cross-Site Scripting Attacks
[1027150] Microsoft Lync DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1027149] Microsoft .NET Memory Access Bug Lets Remote Users Execute Arbitrary Code
[1027148] Windows Remote Desktop Bug Lets Remote Users Execute Arbitrary Code
[1027147] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information
[1027089] PHP Windows com_print_typeinfo() Buffer Overflow Lets Local Users Gain Elevated Privileges
[1027048] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code and Deny Service
[1027044] Windows TCP/IP Stack Lets Remote Users Bypass the Firewall and Local Users Gain Elevated Privileges
[1027042] Microsoft Visio Viewer Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1027041] Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code
[1027040] Microsoft Silverlight Double Free Memory Error Lets Remote Users Execute Arbitrary Code
[1027039] Windows OS Lets Remote Users Cause Arbitrary Code to Be Executed and Lets Local Users Gain Elevated Privileges
[1027038] Microsoft GDI+ Bugs Let Remote Users Execute Arbitrary Code
[1027036] Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code
[1027035] Microsoft Word RTF Processing Flaw Lets Remote Users Execute Arbitrary Code
[1027020] Windows Win32k.sys Memory Error Lets Remote Users Deny Service
[1027003] HP Insight Management Agents for Windows Server Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and URL Redirection Attacks
[1026911] Microsoft Office WPS File Heap Overflow Lets Remote Users Execute Arbitrary Code
[1026910] Microsoft Works WPS File Heap Overflow Lets Remote Users Execute Arbitrary Code
[1026909] Microsoft Forefront Unified Access Gateway Bugs Let Remote Users Obtain Potentially Sensitive Information and Conduct Browser Redirection Attacks
[1026907] Microsoft .NET Parameter Validation Flaw Lets Remote Users Execute Arbitrary Code
[1026906] Windows Authenticode Signature Verification Can Be Bypassed By Remote or Local Users
[1026901] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1026794] Microsoft DirectWrite Unicode Character Processing Flaw Lets Remote Users Deny Service
[1026793] Windows Kernel PostMessage() Lets Local Users Gain Elevated Privileges
[1026792] Microsoft Visual Studio Lets Local Users Gain Elevated Privileges
[1026791] Microsoft Expression Design DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026790] Windows Remote Desktop Protocol Bugs Let Remote Users Deny Service and Execute Arbitrary Code
[1026789] Microsoft DNS Server Lets Remote Users Deny Service
[1026686] Microsoft SharePoint Input Validation Flaws Permit Cross-Site Scripting Attacks
[1026684] Microsoft Visio Viewer Multiple Bugs Let Remote Users Execute Arbitrary Code
[1026683] Windows XP Indeo Codec DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026682] Windows Color Control Panel DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026681] Microsoft Silverlight Bugs Let Remote Users Execute Arbitrary Code
[1026680] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code
[1026679] Windows Kernel Keyboard Layout Use-After-Free Lets Local Users Gain Elevated Privileges
[1026678] Windows C Runtime Library Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1026677] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
[1026499] Microsoft Anti-Cross Site Scripting Library Flaw May Permit Cross-Site Scripting Attacks
[1026498] Windows Schannel Lets Remote Users Decrypt SSL/TLS Traffic
[1026495] Windows Client-Server Run-time Subsystem Unicode Processing Flaw Lets Local Users Gain Elevated Privileges
[1026494] Windows Object Packager Lets Remote Users Execute Arbitrary Code
[1026493] Windows Kernel Lets Local Users Bypass the SafeSEH Security Feature
[1026492] Windows Media Player Bugs Let Remote Users Execute Arbitrary Code
[1026479] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Commands, Access User Accounts, and Redirect Users
[1026469] Microsoft ASP.NET Hash Table Collision Bug Lets Remote Users Deny Service
[1026450] Windows Win32k.sys GDI Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1026426] RSA SecurID Software Token for Windows DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026418] Windows OLE Processing Error Lets Remote Users Cause Arbitary Code to Be Executed on the Target User's System
[1026417] Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
[1026416] Microsoft Office IME (Chinese) Lets Local Users Gain Elevated Privileges
[1026415] Windows Kernel Object Initialization Error Lets Local Users Gain Elevated Privileges
[1026414] Microsoft Publisher Multiple Errors Let Remote Users Execute Arbitrary Code
[1026413] Microsoft Internet Explorer DLL Loading Error Lets Remote Users Execute Arbitrary Code and HTML Processing Bugs Let Remote Users Obtain Information
[1026412] Microsoft Active Directory Memory Access Error Lets Remote Authenticated Users Execute Arbitrary Code
[1026411] Microsoft PowerPoint DLL Loading and OfficeArt Object Processing Flaws Let Remote Users Execute Arbitrary Code
[1026410] Microsoft Office Excel File Memory Error Lets Remote Users Execute Arbitrary Code
[1026409] Microsoft Office Use-After-Free Bug Lets Remote Users Execute Arbitrary Code
[1026408] Microsoft Internet Explorer Error in Microsoft Time Component Lets Remote Users Execute Arbitrary Code
[1026407] Windows Media Center DVR Parsing Error Lets Remote Users Execute Arbitrary Code
[1026406] Windows Media Player DVR Parsing Error Lets Remote Users Execute Arbitrary Code
[1026347] Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny Service
[1026294] Microsoft Active Directory CRL Validation Flaw Lets Remote Users Bypass Authentication
[1026293] Windows Mail DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026292] Windows Meeting Space DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026291] Windows Win32k.sys Kernel-Mode Drivers Array Index Validation Flaw Lets Remote Users Deny Service
[1026290] Windows TCP/IP Stack Integer Overflow Lets Remote Users Execute Arbitrary Code
[1026220] Microsoft Publisher 'Pubconv.dll' Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1026169] Microsoft Forefront Unified Access Gateway Input Validation Flaws Permits Cross-Site Scripting, HTTP Response Splitting, and Denial of Service Attacks
[1026168] Microsoft Host Integration Server Bugs Let Remote Users Deny Service
[1026166] Windows Media Center DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026165] Windows Kernel-Mode Drivers Memory Corruption Errors Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges
[1026164] Microsoft Active Accessibility Component DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1026162] Microsoft .NET Inheritance Restriction Error Lets Remote Users Execute Arbitrary Code
[1026161] Microsoft Silverlight Inheritance Restriction Error Lets Remote Users Execute Arbitrary Code
[1026160] Microsoft Internet Explorer Multiple Flaws Let Remote Users Execute Arbitrary Code
[1026040] Microsoft SharePoint Multiple Flaws Permit Cross-Site Scripting and Information Disclosure Attacks
[1026039] Microsoft Office DLL Loading Error and Unspecified Bug Lets Remote Users Execute Arbitrary Code
[1026038] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
[1026020] Windows 2008 R1 CSRSS Null Pointer Dereference Lets Local Users Deny Service
[1026005] Windows Script Host DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1025905] Microsoft .NET Socket Trust Validation Error Lets Remote Users Obtain Information and Redirect Certain Network Traffic
[1025904] Windows Kernel File Metadata Parsing Error Lets Remote Users Deny Service
[1025903] Microsoft Visual Studio Input Validation Hole Permits Cross-Site Scripting Attacks
[1025902] Microsoft ASP.NET Chart Control Remote File Disclosure
[1025901] Windows Remote Desktop Protocol (RDP) Memory Access Error Lets Remote Users Deny Service
[1025900] Windows TCP/IP Stack Flaws Let Remote Users Deny Service
[1025899] Windows Client-Server Run-time Subsystem 'Winsrv.dll' Lets Local Users Gain Elevated Privileges
[1025898] Windows Remote Access Service NDISTAPI Driver Lets Local Users Gain Elevated Privileges
[1025897] Windows Remote Desktop Web Access Validation Flaw Permits Cross-Site Scripting Attacks
[1025896] Microsoft Visio Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1025895] Microsoft Data Access Components Insecure Library Loading Lets Remote Users Execute Arbitrary Code
[1025894] Microsoft DNS Server Flaws Let Remote Users Execute Arbitrary Code and Deny Service
[1025893] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
[1025885] Windows Client-Server Run-time Subsystem SrvGetConsoleTitle() Flaw Lets Local Users Deny Service
[1025847] Microsoft Internet Explorer Flaw in Processing EUC-JP Encoded Characters Lets Remote Users Conduct Cross-Site Scripting Attacks
[1025775] Citrix Access Gateway Plug-in for Windows Lets Remote Users Execute Arbitrary Code
[1025763] Microsoft Visio May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1025762] Windows Client-Server Run-time Subsystem Bugs Let Local Users Gain Elevated Privileges
[1025761] Windows Kernel-Mode Drivers Let Local Users Gain Elevated Privileges
[1025675] Microsoft Word Unspecified Flaw Lets Remote Users Execute Arbitrary Code
[1025655] Microsoft MHTML Input Validation Hole Permits Cross-Site Scripting Attacks
[1025654] Microsoft Internet Explorer Vector Markup Language (VML) Object Access Error Lets Remote Users Execute Arbitrary Code
[1025653] Microsoft Active Directory Input Validation Flaw in Certificate Services Web Enrollment Permits Cross-Site Scripting Attacks
[1025649] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
[1025648] Microsoft SQL Server XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
[1025647] Microsoft Visual Studio XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
[1025646] Microsoft Office InfoPath XML Editor External Entity Resolution Flaw Lets Remote Users Obtain Potentially Sensitive Information
[1025645] Windows Server Message Block Request Parsing Flaw Lets Remote Users Deny Service
[1025644] Microsoft Hyper-V VMBus Packet Validation Flaw Lets Local Users Deny Service
[1025642] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
[1025641] Microsoft .NET JIT Compiler Validation Flaw Lets Remote Users Execute Arbitrary Code
[1025640] Windows Server Message Block Parsing Error Lets Remote Users Execute Arbitrary Code
[1025639] Microsoft Distributed File System Bugs Let Remote Users Deny Service and Execute Arbitrary Code
[1025638] Windows Kernel Memory Corruption Error in Win32k.sys Lets Remote Users Execute Arbitrary Code
[1025637] Microsoft Forefront Threat Management Gateway Bounds Validation Flaw in Winsock Provider Lets Remote Users Execute Arbitrary Code
[1025636] Microsoft .NET Array Offset Error Lets Remote Users Execute Code
[1025635] Microsoft Silverlight Array Offset Error Lets Remote Users Execute Arbitrary Code
[1025513] Microsoft PowerPoint Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1025431] HP Insight Control for Windows Lets Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Request Forgery Attacks
[1025360] Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1025359] Microsoft MHTML Stack Overflow Lets Remote Users Execute Arbitrary Code
[1025348] Windows Operating System Loader Driver Signing Restrictions Can Be Bypassed
[1025347] Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1025346] Microsoft Foundation Classes May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1025345] Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges
[1025344] Microsoft WordPad Parsing Error Lets Remote Users Execute Arbitrary Code
[1025343] Microsoft Office DLL Loading and Graphic Object Processing Flaws Let Remote Users Execute Arbitrary Code
[1025340] Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code
[1025337] Microsoft Excel Multiple Bugs Let Remote Users Execute Arbitrary Code
[1025335] Microsoft GDI+ EMF Image Integer Overflow Lets Remote Users Execute Arbitrary Code
[1025334] Microsoft OpenType Compact Font Format (CFF) Driver Stack Overflow Lets Remote Users Execute Arbitrary Code
[1025333] Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
[1025332] Windows DNS Resolution LLMNR Processing Flaw Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
[1025331] Microsoft .NET Stack Corruption Error in JIT Compiler Lets Remote Users Execute Arbitrary Code
[1025329] Windows SMB Server Lets Remote Users Execute Arbitrary Code
[1025328] Windows Server Message Block Parsing Errors Let Remote Users Execute Arbitrary Code
[1025327] Microsoft Internet Explorer Bugs Let Remote Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Hijack User Clicks
[1025172] Windows Remote Desktop Client DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1025171] Microsoft Groove DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1025170] Microsoft DirectShow DLL Loading Error Lets Remote Users Execute Arbitrary Code
[1025169] Windows Media Player and Windows Media Center Error in Parsing '.dvr-ms' Files Lets Remote Users Execute Arbitrary Code
[1025164] Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar
[1025117] Microsoft Malware Protection Engine Registry Processing Error Lets Local Users Gain Elevated Privileges
[1025086] Microsoft Active Directory Heap Overflow in Processing BROWSER ELECTION Packets May Let Remote Users Execute Arbitrary Code
[1025049] Microsoft Local Security Authority Subsystem Service (LSASS) Lets Local Users Gain Elevated Privileges
[1025048] Windows Kerberos Lets Local Users Gain Elevated Privileges
[1025047] Windows Driver Flaws Lets Local Users Gain Elevated Privileges
[1025046] Windows Kernel Lets Local Users Gain Elevated Privileges
[1025045] Windows Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
[1025044] Microsoft JScript and VBScript Disclose Information to Remote Users
[1025043] Microsoft Visio Memory Corruption Error in Processing Visio Files Lets Remote Users Execute Arbitrary Code
[1025042] Microsoft Active Directory SPN Collisions May Let Remote Authenticated Users Deny Service
[1025038] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1025034] Windows OpenType Compact Font Format Bug Lets Remote Users Execute Arbitrary Code
[1025003] Microsoft MHTML Input Validation Hole May Permit Cross-Site Scripting Attacks
[1024948] Windows Backup Manager May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024947] Microsoft Data Access Components (MDAC) Memory Corruption Errors in Processing DSN Data and ADO Records Let Remote Users Execute Arbitrary Code
[1024940] Microsoft Internet Explorer Use-After-Free in 'mshtml.dll' May Let Remote Users Execute Arbitrary Code
[1024932] Windows Graphics Rendering Engine Stack Overflow in Processing Thumbnail Images Lets Remote Users Execute Arbitrary Code
[1024925] Microsoft Fax Cover Page Editor Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1024922] Microsoft Internet Explorer Recursive CSS Import Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1024921] Microsoft IIS FTP Server Lets Remote Users Deny Service
[1024888] Microsoft Exchange Server RPC Processing Flaw Lets Remote Authenticated Users Deny Service
[1024887] Microsoft Office Graphics Filters Let Remote Users Execute Arbitrary Code
[1024886] Microsoft SharePoint Input Validation Flaw in Processing SOAP Requests Let Remote Users Execute Arbitrary Code
[1024885] Microsoft Publisher Bugs Let Remote Users Execute Arbitrary Code
[1024884] Microsoft Hyper-V Input Validation Flaw Lets Local Guest Operating System Users Deny Service
[1024883] Windows Netlogon Service Lets Remote Authenticated Users Deny Service
[1024882] Windows Consent User Interface Lets Local Users Gain Elevated Privileges
[1024881] Windows Routing and Remote Access NDProxy Buffer Overflow Lets Local Users Gain Elevated Privileges
[1024880] Windows Kernel Buffer Overflows and Memory Corruption Errors Let Local Users Gain Elevated Privileges
[1024878] Windows Address Book May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024876] Windows Media Encoder May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024875] Windows Movie Maker May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024873] Windows OpenType Font Driver Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
[1024872] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Domain Attacks
[1024790] Microsoft Outlook Attachment Processing Flaw Lets Remote Users Deny Service
[1024787] Windows Kernel Buffer Overflow in RtlQueryRegistryValues() Lets Local Users Gain Elevated Privileges
[1024707] Microsoft Forefront Unified Access Gateway Input Validation Flaws Permit Cross-Site Scripting and URL Redirection Attacks
[1024706] Microsoft PowerPoint Bugs Let Remote Users Execute Arbitrary Code
[1024705] Microsoft Office Flaws Let Remote Users Execute Arbitrary Code
[1024676] Microsoft Internet Explorer Freed Object Invalid Flag Reference Access Lets Remote Users Execute Arbitrary Code
[1024675] HP Insight Control Performance Management for Windows Lets Remote Users Download Arbitrary Files
[1024673] HP Insight Recovery for Windows Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
[1024672] HP Insight Control Performance Management for Windows Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks and Let Remote Authenticated Users Gain Elevated Privileges
[1024667] HP Insight Managed System Setup Wizard for Windows Lets Remote Users Download Arbitrary Files
[1024630] Microsoft Internet Explorer 'window.onerror' Callback Lets Remote Users Obtain Information From Other Domains
[1024572] Sun Java System Directory Server Identity Synchronization for Windows Lets Local Users Access and Modify Data and Deny Service
[1024559] Microsoft SharePoint Input Validation Hole in SafeHTML Permits Cross-Site Scripting Attacks
[1024558] Microsoft Cluster Service Disk Permission Flaw Lets Local Users Gain Elevated Privileges
[1024557] Microsoft Foundation Classes Library Buffer Overflow in Window Title Lets Remote Users Execute Arbitrary Code
[1024556] Windows Schannel TLSv1 Processing Bug Lets Remote Users Deny Service
[1024555] Windows Shell COM Object Instantiation Error Lets Remote Users Execute Arbitrary Code
[1024554] Windows OpenType Font (OTF) Format Driver Memory Corruption Flaw Lets Local Users Gain Elevated Privileges
[1024553] Windows LPC Buffer Overflow Lets Local Users Gain Elevated Privileges
[1024552] Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
[1024551] Microsoft Office Word Processing Flaws Let Remote Users Execute Arbitrary Code
[1024550] Windows Media Player Object Deallocation Error Lets Remote Users Execute Arbitrary Code
[1024549] Windows Common Control Library Heap Overflow Lets Remote Users Execute Arbitrary Code
[1024547] Windows win32k.sys Kernel-mode Driver Bugs Let Local Users Gain Elevated Privileges
[1024546] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks
[1024545] Windows Media Player Use-After-Free Memory Error in Network Sharing Service Lets Remote Users Execute Arbitrary Code
[1024544] Windows Embedded OpenType Font Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
[1024543] Microsoft .NET Framework JIT Compiler Memory Access Error Lets Remote Users Execute Arbitrary Code
[1024537] Windows LPC Processing Flaw Lets Local Users Deny Service
[1024496] Microsoft Internet Information Server (IIS) Web Server Stack Overflow in Reading POST Data Lets Remote Users Deny Service
[1024459] Microsoft ASP.NET Padding Oracle Attack Lets Remote Users Decrypt Data
[1024445] Microsoft Outlook Web Access Authentication Flaw Lets Remote Users Hijack User Sessions
[1024444] Windows Client-Server Runtime Subsystem Lets Local Users Gain Elevated Privileges
[1024443] Microsoft Local Security Authority Subsystem Service (LSASS) Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1024442] Microsoft WordPad Parsing Error in Text Converters Lets Remote Users Execute Arbitrary Code
[1024440] Microsoft Internet Information Services Bugs Let Remote Users Bypass Authentication, Deny Service, and Execute Arbitrary Code
[1024439] Microsoft Outlook Heap Overflow Lets Remote Users Execute Arbitrary Code
[1024438] Microsoft Office Unicode Font Parsing in USP10.DLL Lets Remote Users Execute Arbitrary Code
[1024437] Windows Unicode Scripts Processor Font Parsing Error in USP10.DLL Lets Remote Users Execute Arbitrary Code
[1024436] Windows MPEG-4 Codec Processing Flaw Lets Remote Users Execute Arbitrary Code
[1024435] Windows Print Spooler Access Permission Flaw Lets Remote Users Execute Arbitrary Code
[1024358] Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
[1024355] Windows Applications May Load DLLs Unsafely and Remotely Execute Arbitrary Code
[1024345] Windows Kernel win32k!GreStretchBltInternal() Bug Lets Local Users Deny Service
[1024320] Windows Telephony Application Programming Interfaces Lets Certain Local Users Gain Elevated Privileges
[1024311] Windows TCP/IP Stack Lets Local Users Gain Elevated Privileges and Remote Users Deny Service
[1024310] Microsoft Office Excel Flaw Lets Remote Users Execute Arbitrary Code
[1024309] Windows Movie Maker Memory Corruption Error in Processing Project Files Lets Remote Users Execute Arbitrary Code
[1024308] Windows Drivers Let Local Users Gain Elevated Privileges or Deny Service
[1024307] Windows Kernel Bugs Let Local Users Gain Elevated Privileges and Deny Service
[1024306] Microsoft Silverlight Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1024305] Microsoft .NET Framework Virtual Method Delegate Processing Error Lets Remote Users Execute Arbitrary Code
[1024304] Microsoft Cinepak Codec Memory Pointer Error Lets Remote Users Execute Arbitrary Code
[1024303] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Domain Attacks
[1024302] Microsoft MPEG Layer-3 Codecs Stack Overflow Lets Remote Users Execute Arbitrary Code
[1024301] Microsoft XML Core Services (MSXML) HTTP Response Processing Flaw Lets Remote Users Execute Arbitrary Code
[1024300] Windows Schannel Certificate Validation Error Lets Remote Users Execute Arbitrary Code
[1024299] Windows Schannel Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
[1024298] Microsoft Office Word RTF, Word, and HTML Processing Errors Let Remote Users Execute Arbitrary Code
[1024297] Windows SMB Server Flaws Let Remote Users Deny Service and Execute Arbitrary Code
[1024277] Citrix XenApp Online Plug-in for Windows Flaw Lets Remote Users Execute Arbitrary Code
[1024189] Microsoft Office Outlook Validation Error in Processing Attachments Lets Remote Users Execute Arbitrary Code
[1024188] Microsoft Office Access ActiveX Controls Let Remote Users Execute Arbitrary Code
[1024186] HP Insight Control Server Migration for Windows Lets Remote Users Conduct Cross-Site Request Forgery Attacks and Local Users Gain Unauthorized Access to Data
[1024084] Microsoft Help and Support Center URL Escaping Flaw Lets Remote Users Execute Arbitrary Commands
[1024080] Microsoft .NET XML Digital Signature Flaw May Let Remote Users Bypass Authentication
[1024079] Microsoft Internet Information Services Memory Allocation Error Lets Remote Authenticated Users Execute Arbitrary Code
[1024078] Microsoft SharePoint Input Validation Flaw in toStaticHTML API Permits Cross-Site Scripting Attacks
[1024077] Microsoft SharePoint Help Page Processing Bug Lets Remote Users Deny Service
[1024076] Microsoft Office Excel Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
[1024075] Microsoft Office Open XML File Format Converter for Mac Lets Local Users Gain Elevated Privileges
[1024074] Windows OpenType Compact Font Format Memory Corruption Error Lets Local Users Gain Elevated Privileges
[1024073] Microsoft Office COM Object Instantiation Error Lets Remote Users Execute Arbitrary Code
[1024072] Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
[1024070] Microsoft Internet Explorer 8 Developer Tools ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1024069] Windows Media Decompression Components Let Remote Users Execute Arbitrary Code
[1024068] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks
[1023991] Windows Memory Error in Canonical Display Driver Lets Remote Users Execute Arbitrary Code
[1023982] HP Insight Control Server Migration for Windows Input Validation Flaw Permits Cross-Site Scripting Attacks
[1023975] Microsoft Office Memory Corruption Error in VBE6.DLL Lets Remote Users Execute Arbitrary Code
[1023974] Microsoft Visual Basic for Applications Memory Corruption Error in VBE6.DLL Lets Remote Users Execute Arbitrary Code
[1023973] Windows Mail Integer Overflow in Processing POP3/IMAP Responses Lets Remote Users Execute Arbitrary Code
[1023972] Microsoft Outlook Express Integer Overflow in Processing POP3/IMAP Responses Lets Remote Users Execute Arbitrary Code
[1023939] Windows SMTP Service Uses Predictable Transaction IDs and Fails to Validate Response IDs Which May Permit DNS Spoofing
[1023938] Microsoft Office Visio Buffer Overflow in Processing DXF Files Lets Remote Users Execute Arbitrary Code
[1023932] Microsoft Office SharePoint Input Validation Flaw in 'help.aspx' Permits Cross-Site Scripting Attacks
[1023913] HP Virtual Machine Manager for Windows Lets Remote Authenticated Users Gain Elevated Privileges
[1023857] Windows IPv6 Stack ISATAP Tunnel Validation Flaw Lets Remote Users Spoof IPv4 Addresses
[1023856] Microsoft Visio Index Calculation and Attribute Validation Flaws Let Remote Users Execute Code
[1023855] Microsoft Exchange May Disclose Message Fragments to Remote Users
[1023854] Microsoft Exchange Error in Parsing MX Records Lets Remote Users Deny Service
[1023853] Microsoft Office Publisher TextBox Processing Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1023851] Windows Media Services Stack Overflow in Processing Transport Information Packets Lets Remote Users Execute Arbitrary Code
[1023850] Windows Kernel Flaws Let Local Users Gain Elevated Privileges and Deny Service
[1023849] Windows Media Player ActiveX Control Lets Remote Users Execute Arbitrary Code
[1023848] Microsoft MPEG Layer-3 Codecs Stack Overflow Lets Remote Users Execute Arbitrary Code
[1023847] Windows Server Message Block Client Message Processing Bugs Let Remote Users Execute Arbitrary Code
[1023846] Windows Authenticode Signature Verification Flaws Let Remote Users Execute Arbitrary Code
[1023773] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
[1023720] Microsoft Virtual PC/Server Lets Local Users Gain Elevated Privileges
[1023699] Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
[1023698] Microsoft Office Excel Bugs Let Remote Users Execute Arbitrary Code
[1023697] Windows Movie Maker Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed
[1023668] Windows VBScript Script Engine Flaw in Processing Windows Help Files Lets Remote Users Execute Arbitrary Code
[1023656] Windows API Bug Lets Local Users Deny Service
[1023570] Windows Kernel Double Free Memory Error Lets Local Users Gain Elevated Privileges
[1023569] Windows Client-Server Run-time Subsystem Process Termination Flaw Lets Local Users Gain Elevated Privileges
[1023568] Windows SMB Server Flaws Lets Remote Authenticated Users Execute Arbitrary Code and Let Remote Users Deny Service
[1023567] Microsoft Hyper-V Instruction Validation Bug Lets Local Users Deny Service
[1023565] Microsoft Office Buffer Overflow in 'MSO.DLL' Lets Remote Users Execute Arbitrary Code
[1023564] Microsoft Paint Integer Overflow Lets Remote Users Execute Arbitrary Code
[1023563] Microsoft PowerPoint Buffer Overflows and Memory Errors Let Remote Users Execute Arbitrary Code
[1023562] Microsoft DirectShow Heap Overflow Lets Remote Users Execute Arbitrary Code
[1023561] Windows TCP/IP Stack IPv6 and Header Processing Bugs Let Remote Users Execute Arbitrary Code
[1023560] Microsoft Internet Explorer Flaw in Microsoft Data Analyzer ActiveX Control Lets Remote Users Execute Arbitrary Code
[1023559] Windows Server Message Block Client Validation and Race Condition Flaws Let Remote Users Execute Arbitrary Code
[1023545] OpenSolaris Flaw in kclient and smbadm When Joining a Windows Domain Has Unspecified Impact
[1023542] Microsoft Internet Explorer Discloses Known Files to Remote Users
[1023494] Microsoft Internet Explorer Cross-Site Scripting Filter Can Be Bypassed
[1023493] Microsoft Internet Explorer Multiple Memory Access Flaws Let Remote Users Execute Arbitrary Code
[1023471] Windows Kernel #GP Trap Handler Flaw Lets Local Users Gain Elevated Privileges
[1023462] Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
[1023435] Adobe Flash 6 on Windows XP Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
[1023432] Microsoft Embedded OpenType Font Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
[1023387] Microsoft Internet Information Services (IIS) Filename Extension Parsing Configuration Error May Let Users Bypass Security Controls
[1023302] Windows Media Player Indeo Codec Bugs Let Remote Users Execute Arbitrary Code
[1023301] Microsoft Internet Explorer Indeo Codec Bugs Let Remote Users Execute Arbitrary Code
[1023297] Microsoft Local Security Authority Subsystem Service Validation Flaw Lets Remote Users Deny Service
[1023296] Microsoft Active Directory Federation Services Lets Remote Authenticated Users Execute Arbitrary Code and Spoof Web Sites
[1023294] Microsoft Office Word and WordPad Text Converter Memory Errors Let Remote Users Execute Arbitrary Code
[1023293] Microsoft Internet Explorer Memory Access Flaws Let Remote Users Execute Arbitrary Code
[1023292] Microsoft Office Publisher Memory Allocation Validation Flaw Lets Remote Users Execute Arbitrary Code
[1023291] Microsoft Internet Authentication Service Bugs Let Remote Authenticated Users Execute Arbitrary Code or Gain Privileges of the Target User
[1023233] Microsoft Internet Explorer Discloses Local Path Names When Printing Local HTML Files to PDF Files
[1023226] Microsoft Internet Explorer Invalid Pointer Reference in getElementsByTagName() Method Lets Remote Users Execute Arbitrary Code
[1023179] Windows Kernel Flaw Lets Remote Users Deny Service
[1023158] Microsoft Word Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1023157] Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code
[1023156] Microsoft Active Directory Stack Memory Consumption Flaw Lets Remote Users Deny Service
[1023155] Windows Kernel 'Win32k.sys' Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
[1023154] Microsoft License Logging Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1023153] Microsoft Web Services on Devices API (WSDAPI) Validation Error Lets Remote Users Execute Arbitrary Code
[1023146] Tomcat Windows Installer Creates Default Blank Administrative Password
[1023126] XScreenSaver May Allow Pop-up Windows to Bypass the Screen Saver When Accessibility is Enabled
[1023013] Microsoft Crypto API NULL Character Flaw in Common Name Field and ASN.1 Integer Overflow Lets Remote Users Spoof Certificates
[1023012] Windows Media Player Heap Overflow in Processing ASF Files Lets Remote Users Execute Arbitrary Code
[1023011] Microsoft Indexing Service ActiveX Control Lets Remote Users Execute Arbitrary Code
[1023010] Microsoft Local Security Authority Subsystem Service (LSASS) Integer Underflow Lets Local Users Deny Service
[1023009] Microsoft Silverlight Memory Modification Flaw Lets Remote Users Execute Arbitrary Code
[1023008] Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code
[1023006] Microsoft GDI+ Overflows Let Remote Users Execute Arbitrary Code
[1023005] Windows Media Format Runtime Flaws Let Remote Users Execute Arbitrary Code
[1023004] Windows Server Message Block Validation Errors Let Remote Users Deny Service and Execute Arbitrary Code
[1023003] Windows Kernel Lets Local Users Gain Elevated Privileges or Deny Service
[1023002] Microsoft Internet Explorer Flaws Let Remote Users Execute Arbitrary Code
[1022848] Windows Server Message Block NEGOTIATE PROTOCOL REQUEST Processing Flaw Lets Remote Users Execute Arbitrary Code
[1022846] Microsoft Wireless LAN AutoConfig Service Heap Overflow Lets Remote Wireless Users Execute Arbitrary Code
[1022845] Windows TCP/IP Stack Flaws Let Remote Users Execute Arbitrary Code and Deny Service
[1022844] Windows Media Format Runtime Bugs in Processing ASF and MP3 Files Let Remote Users Execute Arbitrary Code
[1022843] Microsoft DHTML Editing Component ActiveX Control Lets Remote Users Execute Arbitrary Code
[1022842] Microsoft JScript Scripting Engine Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1022792] Microsoft Internet Information Server (IIS) FTP Server Buffer Overflows Let Remote Authenticated Users Execute Arbitrary Code and Deny Service
[1022716] Microsoft Telnet NTLM Credential Reflection Flaw Lets Remote Users Gain Access
[1022715] Microsoft ASP.NET Request Scheduling Flaw Lets Remote Users Deny Service
[1022714] Windows Message Queuing Service (MSMQ) NULL Pointer Flaw Lets Local Users Gain Elevated Privileges
[1022713] Windows Workstation Service Double Free Memory Error Lets Local Users Gain Elevated Privileges
[1022712] Microsoft Active Template Library (ATL) Bugs Let Remote Users Execute Arbitrary Code
[1022711] Windows Media File Processing Flaw in Handling AVI Files Lets Remote Users Execute Arbitrary Code
[1022709] Windows Remote Desktop Connection Heap Overflows Let Remote Users Execute Arbitrary Code
[1022708] Microsoft Office Web Components Buffer Overflows in ActiveX Control Let Remote Users Execute Arbitrary Code
[1022630] Windows Kernel win32k.sys Lets Local Users Gain Elevated Privileges
[1022611] Microsoft Internet Explorer Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
[1022610] Microsoft Visual Studio Active Template Library Bugs Let Remote Users Execute Arbitrary Code
[1022547] Microsoft Internet Security and Acceleration Server OTP Authentication Bug Lets Remote Users Access Resources
[1022546] Microsoft Office Publisher Pointer Dereference Bug Lets Remote Users Execute Arbitrary Code
[1022545] Microsoft DirectX DirectShow Validation Bugs Let Remote Users Execute Arbitrary Code
[1022544] Microsoft Virtual PC/Server Lets Local Users Gain Elevated Privileges Within a Guest Operating System
[1022543] Windows Embedded OpenType (EOT) Font Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1022535] Microsoft Office Web Components Bug in Spreadsheet ActiveX Control Lets Remote Users Execute Arbitrary Code
[1022514] Microsoft DirectShow Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
[1022369] Microsoft PowerPoint Buffer Overflow in Freelance Translator Lets Remote Users Execute Arbitrary Code
[1022359] Windows Kernel Bugs Let Local Users Gain Elevated Privileges
[1022358] Microsoft Internet Information Services WebDAV Bug Lets Remote Users Bypass Authentication
[1022357] Windows RPC Marshalling Engine Memory Error Lets Local Users Gain Elevated Privileges
[1022356] Microsoft Word Buffer Overflows Let Remote Users Execute Arbitrary Code
[1022355] Microsoft Office Works Document Converter Bug Lets Remote Users Execute Arbitrary Code
[1022354] Microsoft Works Document Converter Bug Lets Remote Users Execute Arbitrary Code
[1022353] Windows Search Lets Remote Users Execute Scripting Code to Obtain Information
[1022352] Windows Print Spooler Lets Remote Users Execute Arbitrary Code and Local Users Read Arbitrary Files
[1022351] Microsoft Excel Bugs Let Remote Users Execute Arbitrary Code
[1022350] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1022349] Microsoft Active Directory Bugs Let Remote Users Execute Arbitrary Code or Deny Service
[1022299] Microsoft DirectX Bug in DirectShow QuickTime Parser Lets Remote Users Execute Arbitrary Code
[1022240] Microsoft Internet Information Server WebDAV Input Validation Flaw Lets Remote Users Execute Arbitrary Code
[1022205] Microsoft PowerPoint Has Multiple Buffer Overflows and Memory Corruption Bugs That Let Remote Users Execute Arbitrary Code
[1022046] Microsoft ISA Server Input Validation Flaw in 'cookieauth.dll' Permits Cross-Site Scripting Attacks
[1022045] Microsoft ISA Server TCP State Error Lets Remote Users Deny Service
[1022043] Microsoft WordPad and Office Text Converter Bugs Let Remote Users Execute Arbitrary Code
[1022042] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1022041] Windows HTTP Services Bugs Let Remote Users Execute Arbitrary Code
[1022040] Microsoft DirectX Bug in Decompressing DirectShow MJPEG Content Lets Remote Users Execute Arbitrary Code
[1022039] Microsoft Excel Malformed Object Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1022009] XScreenSaver May Allow Pop-up Windows to Bypass the Screen Lock
[1021976] VMware Windows 'vmci.sys' Driver Lets Local Users Gain Elevated Privileges
[1021967] Microsoft Office PowerPoint Invalid Object Access Bug Lets Remote Users Execute Arbitrary Code
[1021937] Windows Services for UNIX Unspecified Bugs in 'unlzh' and 'unpack' Let Users Execute Arbitrary Code
[1021880] Microsoft Internet Explorer Unspecified Bug Lets Remote Users Execute Arbitrary Code
[1021831] Microsoft DNS Server Bugs Let Remote Users Spoof the DNS Service
[1021830] Microsoft DNS Server Registration Validation Flaw Lets Remote Users Conduct Spoofing Attacks
[1021829] Microsoft WINS Server Registration Validation Flaw Lets Remote Users Conduct Spoofing Attacks
[1021828] Windows SChannel TLS Handshake Authentication Flaw Lets Certain Remote Users Spoof the System
[1021827] Windows Kernel Handle/Pointer Validation Bugs Let Local Users Gain System Privileges
[1021826] Windows Kernel Input Validation Flaw Lets Remote Users Execute Arbitrary Code
[1021820] IBM Tivoli Storage Manager HSM for Windows Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1021744] Microsoft Excel Invalid Object Access Flaw Lets Remote Users Execute Arbitrary Code
[1021702] Microsoft Visio Bugs Let Remote Users Execute Arbitrary Code
[1021701] Microsoft Exchange MAPI Command Literal Processing Bug Lets Remote Users Deny Service
[1021700] Microsoft Exchange Memory Corruption Error in Decoding TNEF Data Lets Remote Users Execute Arbitrary Code
[1021699] Microsoft Internet Explorer Bugs in Handling CSS Sheets and Deleted Objects Lets Remote Users Execute Arbitrary Code
[1021621] QuickTime Input Validation Flaw in MPEG-2 Playback Component for Windows Lets Remote Users Execute Arbitrary Code
[1021560] Windows Server Message Block Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1021495] Windows Media Player Integer Overflow in Playing WAV Files Lets Remote Users Deny Service
[1021490] Microsoft SQL Server Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1021381] Microsoft Internet Explorer DHTML Data Binding Invalid Pointer Reference Bug Lets Remote Users Execute Arbitrary Code
[1021376] Microsoft WordPad Word 97 Text Converter Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1021375] Windows Media Services Discloses Authentication Information to Remote Users
[1021374] Windows Media Player Discloses Authentication Information to Remote Users
[1021373] Windows Media Player Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code
[1021372] Windows Media Services Service Principal Name NTLM Authentication Implementation Lets Remote Users Execute Arbitrary Code
[1021371] Microsoft Internet Explorer HTML Processing Bugs Let Remote Users Execute Arbitrary Code
[1021370] Microsoft Word Memory Corruption Errors Let Remote Users Execute Arbitrary Code
[1021368] Microsoft Excel Formula, Object, and Global Array Bugs Let Remote Users Execute Arbitrary Code
[1021367] Microsoft Office SharePoint Server Access Control Flaw Lets Remote Users Gain Administrative Access
[1021366] Windows Search Bugs Let Remote Users Execute Arbitrary Code
[1021365] Microsoft GDI Buffer Overflows in Processing WMF Files Lets Remote Users Execute Arbitrary Code
[1021363] Microsoft SQL Server Memory Overwrite Bug in sp_replwritetovarbin May Let Remote Users Execute Arbitrary Code
[1021294] Microsoft Office Communicator VoIP Processing Bugs Let Remote Users Deny Service
[1021245] Windows Vista Buffer Overflow in CreateIpForwardEntry2() May Let Local Users Gain Elevated Privileges
[1021190] Mozilla Firefox '.url' Windows Shortcut Files May Let Remote Users Obtain Potentially Sensitive Information
[1021164] Microsoft XML Core Services (MSXML) Bugs Let Remote Users Obtain Information and Execute Arbitrary Code
[1021163] Windows Server Message Block NTLM Authentication Replay Bug Lets Remote Users Execute Arbitrary Code
[1021091] Windows Server Service RPC Processing Bug Lets Remote Users Execute Arbitrary Code
[1021090] Cisco PIX Firewall Windows NT Domain Authentication Bug Lets Remote Users Bypass IPSec/SSL VPN Authentication
[1021089] Cisco ASA Windows NT Domain Authentication Bug Lets Remote Users Bypass IPSec/SSL VPN Authentication
[1021053] Microsoft Ancillary Function Driver 'afd.sys' Lets Local Users Gain Elevated Privileges
[1021052] Microsoft Message Queuing (MSMQ) Heap Overflow Lets Remote Users Execute Arbitrary Code
[1021051] Windows Kernel Virtual Address Descriptor Integer Overflow Lets Local Users Gain Elevated Privileges
[1021049] Windows Server Message Block Buffer Underflow Lets Remote Authenticated Users Execute Arbitrary Code
[1021047] Microsoft Internet Explorer Flaws Permit Cross-Domain Scripting Attacks and Let Remote Users Execute Arbitrary Code
[1021046] Windows Kernel Bugs Let Local Users Gain Elevated Privileges
[1021045] Microsoft Office CDO Protocol Bug Lets Remote Users Execute Arbitrary Scripting Code
[1021044] Microsoft Excel Object, Calendar, and Formula Bugs Let Remote Users Execute Arbitrary Code
[1021043] Microsoft Host Integration Server RPC Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1021042] Microsoft Active Directory LDAP Memory Allocation Error Lets Remote Users Execute Arbitrary Code
[1021020] Cisco Unity Bug in Microsoft API Lets Remote Users Deny Service
[1021018] Microsoft Digital Image 'PipPPush.DLL' ActiveX Control Lets Remote Users Access Files
[1020901] BIND Windows UDP Client Handler Bug Lets Remote Users Deny Service
[1020887] Windows SMB Processing Bug Lets Remote Users Deny Service
[1020845] Apple Bonjour for Windows mDNSResponder Null Pointer Dereference Lets Users Deny Service
[1020844] Apple Bonjour for Windows DNS Query Port Entropy Weakness Lets Remote Users Spoof the System
[1020839] iTunes Windows Driver Integer Overflow Lets Local Users Gain Elevated Privileges
[1020838] Microsoft GDI+ Integer Overflow in Processing BMP Files Lets Remote Users Execute Arbitrary Code
[1020837] Microsoft GDI+ Buffer Overflow in Processing WMF Files Lets Remote Users Execute Arbitrary Code
[1020836] Microsoft GDI+ Bug in Processing GIF Image Files Lets Remote Users Execute Arbitrary Code
[1020835] Microsoft GDI+ Memory Corruption Error in Processing EMF Image Files Lets Remote Users Execute Arbitrary Code
[1020834] Microsoft GDI+ Heap Overflow in Processing Gradient Sizes Lets Remote Users Execute Arbitrary Code
[1020833] Microsoft Office OneNote Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1020832] Windows Media Encoder Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1020831] Windows Media Player Bug in Playing Audio Files via Server-side Playlists Lets Remote Users Execute Arbitrary Code
[1020733] Windows Media Services ActiveX Control Buffer Overflow in CallHTMLHelp() Function Lets Remote Users Execute Arbitrary Code
[1020711] Windows nslookup Bug May Let Remote Users Execute Arbitrary Code
[1020699] VERITAS Storage Foundation for Windows Accepts NULL NTLMSSP Authentication
[1020681] Windows Messenger ActiveX Control Bug Lets Remote Users Obtain Information and Perform Chat Functions
[1020680] Windows Mail MHTML Redirect Bug Lets Remote Users Obtain Information
[1020679] Microsoft Outlook Express MHTML Redirect Bug Lets Remote Users Obtain Information
[1020676] Microsoft PowerPoint Memory Errors Let Remote Users Execute Arbitrary Code
[1020675] Microsoft Color Management Module Heap Overflow Lets Remote Users Execute Arbitrary Code
[1020674] Microsoft Internet Explorer Multiple Bugs Let Remote Users Execute Arbitrary Code
[1020673] Microsoft Office Format Filter Bugs Let Remote Users Execute Arbitrary Code
[1020672] Microsoft Excel Input Validation Bug in Parsing Records Lets Remote Users Execute Arbitrary Code
[1020671] Microsoft Excel Input Validation Bug in Processing Array Index Values Lets Remote Users Execute Arbitrary Code
[1020670] Microsoft Excel Input Validation Bug in Processing Index Values Lets Remote Users Execute Arbitrary Code
[1020669] Microsoft Excel Credential Caching Bug Lets Local Users Gain Access to Remote Data Sources
[1020607] Mac OS X Quick Look Buffer Overflow in Downloading Microsoft Office Files Lets Remote Users Execute Arbitrary Code
[1020447] Microsoft Word Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1020441] Microsoft SQL Server Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code
[1020439] Microsoft Outlook Web Access for Exchange Server Input Validation Bugs Permit Cross-Site Scripting Attacks
[1020437] Windows DNS Service Bugs Let Remote Users Spoof the System
[1020436] Windows Explorer Bug in Parsing Saved Search Files Lets Remote Users Execute Arbitrary Code
[1020433] Microsoft Access Snapshot Viewer ActiveX Control Lets Remote Users Download Files to Arbitrary Locations
[1020382] Microsoft Internet Explorer Lets Remote Users Conduct Cross-Domain Scripting Attacks
[1020330] Safari for Windows WebKit JavaScript Array Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1020329] Safari for Windows Bug with IE Trusted Zone Sites Lets Remote Users Execute Arbitrary Code
[1020232] Microsoft Speech API Lets Remote Users Execute Arbitrary Commands
[1020231] Windows Bug in Processing Pragmatic General Multicast Packets with an Invalid Fragment Option Lets Remote Users Deny Service
[1020230] Windows Bug in Processing Pragmatic General Multicast Packets with an Invalid Option Length Lets Remote Users Deny Service
[1020229] Microsoft Active Directory LDAP Validation Bug Lets Remote Users Deny Service
[1020228] Microsoft WINS Data Structure Validation Bug Lets Local Users Gain Elevated Privileges
[1020226] Microsoft Internet Explorer HTTP Request Header Bug May Let Remote Users Obtain Information in a Different Domain
[1020225] Microsoft Internet Explorer Bug in Processing Method Calls Lets Remote Users Execute Arbitrary Code
[1020223] Microsoft DirectX SAMI File Validation Bug Lets Remote Users Execute Arbitrary Code
[1020222] Microsoft DirectX MJPEG Stream Error Handling Bug Lets Remote Users Execute Arbitrary Code
[1020221] Windows Bluetooth Stack SDP Processing Bug Lets Remote Users Execute Arbitrary Code
[1020197] VMware Tools Input Validation Flaw in Windows Guest OS Lets Local Users Gain Elevated Privileges
[1020150] Apple Safari for Windows XP and Vista Lets Remote Users Download Files
[1020016] Microsoft Malware Protection Engine Lets Remote Users Deny Service
[1020015] Microsoft Publisher Bug in Processing Object Header Data Lets Remote Users Execute Arbitrary Code
[1020014] Microsoft Word Memory Error in Processing CSS Values Lets Remote Users Execute Arbitrary Code
[1020013] Microsoft Word Memory Error in Processing RTF Files Lets Remote Users Execute Arbitrary Code
[1020007] Windows CE GDI+ and GIF Processing Bug Lets Remote Users Execute Arbitrary Code
[1019904] Windows Kernel Bug Lets Local Users Gain LocalSystem Privileges
[1019804] Microsoft Visio Lets Remote Users Execute Arbitrary Code
[1019803] Windows Kernel Lets Local Users Gain Kernel Level Privileges
[1019802] Windows DNS Client Lets Remote Users Spoof the System
[1019801] Microsoft Internet Explorer Data Stream Processing Bug Lets Remote Users Execute Arbitrary Code
[1019800] Microsoft Internet Explorer 'hxvz.dll' ActiveX Control Lets Remote Users Execute Arbitrary Code
[1019799] Windows VBScript and JScript Scripting Engine Bug Lets Remote Users Execute Arbitrary Code
[1019798] Microsoft GDI Buffer Overflow in Processing EMF and WMF Files Lets Remote Users Execute Arbitrary Code
[1019797] Microsoft Project Memory Error Lets Remote Users Execute Arbitrary Code
[1019738] Microsoft Office S/MIME Processing Lets Remote Users Access Arbitrary URLs
[1019737] Windows Live Mail S/MIME Processing Lets Remote Users Access Arbitrary URLs
[1019736] Microsoft Outlook S/MIME Processing Lets Remote Users Access Arbitrary URLs
[1019686] Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code via Word Documents
[1019621] VMware Windows Hosted Systems Named Pipe Bugs Let Local Users Gain Elevated Privileges
[1019616] GroupWise Windows Client API Bug Lets Remote Authenticated Users Access E-mail
[1019605] Citrix Presentation Server Client for Windows May Disclose Credentials to Local Users
[1019587] Microsoft Excel Input Validation Bug in Processing Conditional Formatting Values Lets Remote Users Execute Arbitrary Code
[1019586] Microsoft Excel Input Validation Bug in Processing Rich Text Data Lets Remote Users Execute Arbitrary Code
[1019585] Microsoft Excel Formula Parsing Error Lets Remote Users Execute Arbitrary Code
[1019584] Microsoft Excel Input Validation Bug in Processing Style Record Data Lets Remote Users Execute Arbitrary Code
[1019583] Microsoft Excel Flaw in Importing '.slk' Files Lets Remote Users Execute Arbitrary Code
[1019582] Microsoft Excel Input Validation Bug in Processing Data Validation Records Lets Remote Users Execute Arbitrary Code
[1019581] Microsoft Office Web Components DataSource Bug Lets Remote Users Execute Arbitrary Code
[1019580] Microsoft Office Web Components URL Parsing Bug Lets Remote Users Execute Arbitrary Code
[1019579] Microsoft Outlook 'mailto:' URL Validation Flaw Lets Remote Users Execute Arbitrary Code
[1019578] Microsoft Office and Excel Memory Corruption Bugs Let Remote Users Execute Arbitrary Code
[1019525] Symantec Backup Exec for Windows Server ActiveX Control Unsafe Methods Let Remote Users Execute Arbitrary Code
[1019524] Symantec Backup Exec for Windows Server ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1019388] Microsoft Works/Microsoft Office Bug in Processing '.wps' Field Length Values Lets Remote Users Execute Arbitrary Code
[1019387] Microsoft Works/Microsoft Office Bug in Processing '.wps' Header Index Table Lets Remote Users Execute Arbitrary Code
[1019386] Microsoft Works/Microsoft Office Bug in Processing '.wps' File Section Length Headers Lets Remote Users Execute Arbitrary Code
[1019385] Microsoft Internet Information Services Error in Processing ASP Page Input Lets Remote Users Execute Arbitrary Code
[1019384] Microsoft Internet Information Services File Change Notification Bug Lets Local Users Gain Elevated Privileges
[1019383] Windows Vista TCP/IP Stack DHCP Response Processing Bug Lets Remote Users Deny Service
[1019381] Microsoft Internet Explorer Argument Validation Flaw in 'dxtmsft.dll' Lets Remote Users Execute Arbitrary Code
[1019380] Microsoft Internet Explorer Property Method Processing Bug Lets Remote Users Execute Arbitrary Code
[1019379] Microsoft Internet Explorer HTML Layout Rendering Bug Lets Remote Users Execute Arbitrary Code
[1019378] Microsoft Internet Explorer Buffer Overflow in Fox Pro ActiveX Control Lets Remote Users Execute Arbitrary Code
[1019377] Microsoft Office Publisher Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1019376] Microsoft Office Publisher Invalid Memory Reference Bug Lets Remote Users Execute Arbitrary Code
[1019375] Microsoft Office Object Processing Flaw Lets Remote Users Execute Arbitrary Code
[1019374] Microsoft Word Memory Error Lets Remote Users Execute Arbitrary Code
[1019373] Windows Heap Overflow in Object Linking and Embedding (OLE) Automation Lets Remote Users Execute Arbitrary Code
[1019372] Windows WebDAV Mini-Redirector Response Handling Bug Lets Remote Users Execute Arbitrary Code
[1019258] Microsoft Visual Basic '.dsr' File Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1019200] Microsoft Excel File Header Bug Lets Remote Users Execute Arbitrary Code
[1019166] Windows TCP/IP Stack ICMP and IGMP Bugs Let Remote Users Deny Service and Execute Arbitrary Code
[1019078] Microsoft Internet Explorer Object Access Bugs Let Remote Users Execute Arbitrary Code
[1019077] Microsoft Message Queuing (MSMQ) Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1019075] Windows Vista Kernel ALPC Validation Flaw Lets Local Users Gain Elevated Privileges
[1019074] Windows Media Format Runtime ASF File Parsing Bug Lets Remote Users Execute Arbitrary Code
[1019073] Microsoft DirectX Bugs in Parsing SAMI, WAV, and AVI Files Let Remote Users Execute Arbitrary Code
[1019072] Windows Vista Server Message Block v2 Signature Flaw Lets Remote Users Execute Arbitrary Code
[1019064] Windows Media Player Stack Overflow in 3ivx Codec Lets Remote Users Execute Arbitrary Code
[1019046] Cisco Security Agent for Windows Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1019033] Microsoft Web Proxy Auto-Discovery Name Server Resolution Bug Lets Remote Users Conduct Man-in-the-Middle Attacks
[1019001] Symantec Backup Exec for Windows Servers Lets Remote Users Deny Service
[1018976] Microsoft Jet Engine Stack Overflow May Let Remote Users Execute Arbitrary Code
[1018903] Microsoft DebugView 'Dbgv.sys' Module Lets Local Users Gain Kernel Level Privileges
[1018833] Windows Macromedia Security Driver Buffer Overflow Lets Local Users Gain Elevated Privileges
[1018832] Windows Mobile SMS Handler Bug Lets Remote Users Obfuscate SMS Message Source Addresses
[1018790] Microsoft Word Bug in Processing Office Files Lets Remote Users Execute Arbitrary Code
[1018789] Microsoft SharePoint Input Validation Hole Permits Cross-Site Scripting Attacks
[1018788] Microsoft Internet Explorer Bugs Let Remote Users Spoof the Address Bar and Execute Arbitrary Code
[1018787] Windows RPC NTLMSSP Authentication Flaw Lets Remote Users Deny Service
[1018786] Microsoft Outlook Express Bug in Processing NNTP Responses Lets Remote Users Execute Arbitrary Code
[1018785] Windows Mail Bug in Parsing NNTP Responses Lets Remote Users Execute Arbitrary Code
[1018727] Microsoft Internet Security and Acceleration Server SOCKS4 Proxy Discloses IP Address Information to Remote Users
[1018678] Windows Services for UNIX Lets Local Users Gain Elevated Privileges
[1018677] Microsoft Agent ActiveX Control Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1018676] Microsoft Visual Basic VBP File Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1018617] Subversion Windows Client Input Validation Flaw in filename Parameter Lets Remote Authenticated Users Create/Overwrite Files
[1018575] Safari for Windows Lets Remote Users Upload Arbitrary File
[1018568] Microsoft Vector Markup Language Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1018567] Microsoft Virtual PC/Server Heap Overflow Lets Local Users Gain Elevated Privileges
[1018566] Windows Bugs in the Contacts, Feed Headlines, and Weather Gadgets Let Remote Users Execute Arbitrary Code
[1018565] Windows Media Player Skin File Header Processing Bugs Let Remote Users Execute Arbitrary Code
[1018563] Microsoft GDI Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1018562] Microsoft Internet Explorer CSS and ActiveX Control Bugs Let Remote Users Execute Arbitrary Code
[1018561] Microsoft Excel Workspace Index Validation Bug Lets Remote Users Execute Arbitrary Code
[1018560] Microsoft OLE Automation Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1018559] Microsoft Core XML Services Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1018551] Microsoft DirectX Buffer Overflow in FlashPix ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018520] Microsoft Visual Database Tools Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018420] Microsoft DirectX Heap Overflow in Processing RLE-Compressed Targa Images Lets Remote Users Execute Arbitrary Code
[1018412] Mozilla Firefox Lets Remote Users Inject Arbitrary Content into 'about:blank' Windows
[1018366] Symantec Backup Exec for Windows RPC Bug Lets Remote Users Deny Service
[1018355] Windows Active Directory Bug in Processing LDAP Convertible Attributes Lets Remote Users Execute Arbitrary Code
[1018354] Windows Vista Firewall Teredo Interface Discloses Network Information to Remote Users and May Let Remote Users Bypass Firewall Rules
[1018353] Microsoft Office Publisher Lets Remote Users Execute Arbitrary Code
[1018352] Microsoft Excel Calculation Error and Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1018351] Microsoft Internet Explorer Bug in Firefox URL Protocol Handler Lets Remote Users Execute Arbitrary Commands
[1018321] Microsoft Excel Sheet Name Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1018318] Nessus Input Validation Hole in Windows GUI Permits Cross-Site Scripting Attacks
[1018251] Microsoft Office Buffer Overflow in MSODataSourceControl ActiveX Control May Let Remote Users Execute Arbitrary Code
[1018235] Microsoft Internet Explorer Bugs Let Remote Users Execute Arbitrary Code
[1018234] Windows Mail MHTML Protocol Handler Content-Disposition Bug Lets Remote Users Obtain Information
[1018232] Windows Mail MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information
[1018230] Windows Input Validation Flaw in Win32 API Lets Remote and Local Users Execute Arbitrary Code
[1018226] Windows Schannel Digital Signature Bug Lets Remote Users Execute Arbitrary Code
[1018225] Windows Vista Discloses Sensitive Information to Local Users
[1018202] Microsoft GDI+ ICO File Divide By Zero Bug Lets Remote Users Deny Service
[1018193] Microsoft Internet Explorer Lets Remote Users Spoof Certain Objects
[1018192] Microsoft Internet Explorer Input Validation Hole Permits Cross-Site Scripting Attacks
[1018188] Symantec VERITAS Storage Foundation Windows Scheduler Service Lets Remote Users Execute Arbitrary Commands
[1018107] Microsoft Office Buffer Overflow in OUACTRL.OCX ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018019] Microsoft Internet Explorer Bugs Let Remote Users Modify Files or Execute Arbitrary Code
[1018017] Microsoft CAPICOM 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018016] Microsoft BizTalk Server 'CAPICOM.Certificates' ActiveX Control Lets Remote Users Execute Arbitrary Code
[1018015] Microsoft Exchange Base64, iCal, IMAP, and Attachment Processing Bugs Let Remote Users Deny Service or Execute Arbitrary Code
[1018014] Microsoft Office Drawing Object Validation Flaw Lets Remote Users Execute Arbitrary Code
[1018013] Microsoft Word Array and RTF Processing Bugs Let Remote Users Execute Arbitrary Code
[1018012] Microsoft Excel Specially Crafted BIFF Records, Set Font Values, and Filter Records Permit Remote Code Execution
[1017969] Microsoft Internet Explorer Digest Authentication Bug Lets Remote Users Conduct HTTP Request Splitting Attacks
[1017902] Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed
[1017898] Windows Kernel Memory Mapping Permission Error Lets Local Users Gain System Privileges
[1017897] Windows Vista Client-Server Run-time Subsystem Lets Local Users Gain Elevated Privileges
[1017896] Microsoft Agent URL Parsing Bug Lets Remote Users Execute Arbitrary Code
[1017895] Windows XP Universal Plug and Play Lets Remote Users on the Local Subnet Execute Arbitrary Code
[1017894] Microsoft Content Management Server Permits Cross-Site Scripting Attacks and Lets Remote Users Execute Arbitrary Code
[1017847] Windows Kernel GDI Color Parameter Bug Lets Local Users Gain System Privileges
[1017846] Windows Kernel GDI Input Validation Flaw in Processing Application Size Parameters Lets Local Users Gain System Privileges
[1017845] Windows TrueType Font Rasterizer Lets Local Users Gain System Privileges
[1017844] Windows Kernel EMF Image Processing Bug Lets Local Users Gain System Privileges
[1017843] Windows Kernel WMF Image Processing Lets Remote Users Deny Service
[1017816] Windows Mail URL Bug Lets Remote Users Cause Existing Code on the Target User's System to Be Executed
[1017712] Citrix Presentation Server Client for Windows Lets Remote Users Execute Arbitrary Code
[1017694] VeriSign Secure Messaging for Microsoft Exchange Stack Overflow in ConfigChk ActiveX Control Lets Remote Users Execute Arbitrary Code
[1017653] Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code
[1017643] Microsoft Internet Explorer Multiple COM Objects Let Remote Users Execute Arbitrary Code
[1017642] Microsoft Internet Explorer FTP Server Response Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017640] Microsoft Office OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017639] Microsoft Word Macro Security Warning Bug and Drawing Object Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017638] Microsoft MFC Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017637] Microsoft OLE Dialog RTF File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017635] Microsoft HTML Help ActiveX Control Lets Remote Users Execute Arbitrary Code
[1017634] Windows Image Acquisition Service Buffer Overflow Lets Local Users Gain System Privileges
[1017633] Windows Shell Hardware Detection Service Parameter Validation Error Lets Local Users Gain Elevated Privileges
[1017632] Microsoft Step-by-Step Interactive Training Buffer Overflow in Processing Bookmark Links Lets Remote Users Execute Arbitrary Code
[1017609] HP OpenView Network Node Manager Unsafe Folder Permissions Lets Local Windows Users Gain Elevated Privileges
[1017584] Microsoft Office Excel Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1017579] [Duplicate Entry] Microsoft Word Unspecified Vulnerability Lets Remote Users Execute Arbitrary Code
[1017564] Microsoft Word Function Processing Bug Lets Remote Users Execute Arbitrary Code
[1017530] Microsoft Help Workshop Buffer Overflow in Processing '.CNT' Files Lets Remote Users Execute Arbitrary Code
[1017489] Windows Vector Markup Language Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1017488] Microsoft Outlook '.iCal', '.oss', and SMTP Header Bugs Let Remote Users Execute Arbitrary Code or Deny Service
[1017487] Microsoft Excel Buffer Overflows in Processing Various Records and Strings Lets Remote Users Execute Arbitrary Code
[1017486] Microsoft Office Brazilian Portuguese Grammar Checker Lets Remote Users Execute Arbitrary Code
[1017485] Microsoft Excel Memory Access Error Lets Remote Users Execute Arbitrary Code
[1017454] Windows Client-Server Run-time Subsystem NtRaiseHardError Discloses Memory to Local Users
[1017433] Windows Client-Server Run-time Subsystem Lets Remote Users Execute Arbitrary Code
[1017401] Mozilla Firefox Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code
[1017400] Mozilla Thunderbird Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code
[1017399] Mozilla Seamonkey Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code
[1017397] Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service
[1017390] Microsoft Word Unchecked Count Vulnerability Lets Remote Users Execute Arbitrary Code
[1017388] Microsoft Project Discloses Database Password to Remote Authenticated Users
[1017374] Microsoft Internet Explorer May Disclose Contents of the Temporary Internet Files Folder to Remote Users
[1017373] Microsoft Internet Explorer DHTML and Script Error Handling Bugs Let Remote Users Execute Arbitrary Code
[1017372] Windows Media Player and Windows Media Format Runtime ASF File Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1017371] Windows SNMP Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1017370] Windows Client-Server Run-time Subsystem Lets Local Users Gain System Privileges
[1017368] Windows Remote Installation Service TFTP Server Lets Remote Users Overwrite Files to Execute Arbitrary Code
[1017358] Microsoft Word Data Structure Processing Bug Lets Remote Users Cause Arbitrary Code to Be Executed
[1017354] Windows Media Player ASX Playlist File Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1017339] Microsoft Word String Processing Bug Lets Remote Users Execute Arbitrary Code
[1017330] Windows Print Spooler Subsystem GetPrinterData() Function Lets Remote Users Deny Service
[1017224] Microsoft Client Service for Netware Buffer Overflows Let Remote Users Execute Arbitrary Code and Crash the System
[1017223] Microsoft Internet Explorer Bug in Rendering HTML Layout Combinations May Let Remote Users Execute Arbitrary Code
[1017222] Microsoft Agent '.ACF' File Memory Corruption Error Lets Remote Users Execute Arbitrary Code
[1017221] Windows Workstation Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1017165] Microsoft Internet Explorer 'ieframe.dll' Lets Remote Users Spoof Invalid Certificates
[1017157] Microsoft XML Core Services ActiveX Control Lets Remote Users Execute Arbitrary Code
[1017142] Microsoft Visual Studio WMI Object Broker ActiveX Control Lets Remote Users Execute Arbitrary Code
[1017133] Microsoft NAT Helper 'ipnathlp.dll' Lets Remote Users Deny Service
[1017127] Microsoft Data Access Components 'ADODB.Connection' Execute Function Lets Remote Users Execute Arbitrary Code
[1017122] Microsoft Internet Explorer Lets Remote Users Partially Spoof Address Bar URLs
[1017059] Microsoft PowerPoint Bug Causes PowerPoint to Crash
[1017037] Windows Object Packager RTF File Object Lets Remote Users Execute Arbitrary Code
[1017035] Windows Server Service SMB Rename Null Pointer Dereference Lets Remote Users Deny Service
[1017034] Microsoft Office String, Chart Record, and SmartTag Validation Errors Let Remote Users Execute Arbitrary Code
[1017033] Microsoft XML Core Services Lets Remote Users Execute Arbitrary Code or Obtain Information
[1017032] Microsoft Word String and Mail Merge Record Validation Flaws Let Remote Users Execute Arbitrary Code
[1017031] Microsoft Excel DATETIME/COLINFO Record Errors and Lotus 1-2-3 Errors Let Remote Users Execute Arbitrary Code
[1017030] Microsoft PowerPoint Errors in Parsing Object Pointers and Data Records Lets Remote Users Execute Arbitrary Code
[1017018] Cisco Secure Desktop May Let Local Users Access Data Via Windows Operating System Files
[1016937] Microsoft PowerPoint Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1016886] [Duplicate] Microsoft PowerPoint Bug Lets Remote Users Execute Arbitrary Code
[1016879] Microsoft Internet Explorer VML Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016854] Microsoft Internet Explorer Buffer Overflow in 'daxctle.ocx' ActiveX in KeyFrame Method Control Lets Remote Users Execute Arbitrary Code
[1016839] Microsoft Internet Explorer URLMON.DLL Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016827] Microsoft PGM Implementation Buffer Overflow in MSMQ Service Lets Remote Users Execute Arbitrary Code
[1016826] Windows Indexing Service Input Validation Flaw in Query Parameters Permits Cross-Site Scripting Attacks
[1016825] Microsoft Publisher Buffer Overflow in Parsing '.pub' Files Lets Remote Users Execute Arbitrary Code
[1016787] Microsoft Word Record Validation Vulnerability Lets Remote Users Execute Arbitrary Code
[1016764] Microsoft Internet Explorer (IE) Buffer Overflow in 'daxctle.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code
[1016731] Microsoft Internet Explorer URL Buffer Overflow in Processing HTTP 1.1 Protocol with Compression Lets Remote Users Execute Arbitrary Code
[1016720] [Duplicate Entry] Microsoft PowerPoint Unknown Bug May Let Remote Users Execute Arbitrary Code
[1016667] Windows Server Service Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016663] Microsoft Internet Explorer Bugs Let Remote Users Obtain Information or Execute Arbitrary Code
[1016662] Windows 2000 Kernel Winlogon Alternate Path Lets Local Users Gain Elevated Privileges.
[1016661] Windows Kernel Incorrect Exception Handling Lets Remote Users Execute Arbitrary Code
[1016659] Windows Hyperlink Object Library Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016658] Windows 2000 Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges
[1016657] Microsoft Office Buffer Overflow in Processing PowerPoint Records Lets Remote Users Execute Arbitrary Code
[1016656] Microsoft Visual Basic for Applications Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016655] Microsoft Management Console Input Validation Hole Permits Remote Code Execution
[1016654] Microsoft Outlook Express MHTML Parsing Error Lets Remote Users Execute Arbitrary Code
[1016653] Windows Winsock and DNS Client Buffer Overflows Let Remote Users Execute Arbitrary Code
[1016606] Windows Server Service Null Pointer Comparison Lets Remote Users Deny Service
[1016506] Microsoft Internet Security and Acceleration Server HTTP File Extension Filter Can Be Bypassed By Remote Users
[1016504] Microsoft Works Buffer Overflow in Processing Spreadsheet Files May Let Remote Users Execute Arbitrary Code
[1016496] Microsoft PowerPoint 'mso.dll' Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1016472] Microsoft Excel Errors in Processing Various Malformed Records Let Remote Users Execute Arbitrary Code
[1016470] Microsoft Office PNG and GIF File Buffer Error Lets Remote Users Execute Arbitrary Code
[1016469] Microsoft Office String Parsing and Property Bugs Let Remote Users Execute Arbitrary Code
[1016468] Microsoft DHCP Client Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1016467] Windows Server Service Buffer Overflows Let Remote Users View SMB Information and Execute Arbitrary Code
[1016466] Microsoft Internet Information Server (IIS) Buffer Overflow in Processing ASP Pages Lets Remote Authenticated Users Execute Arbitrary Code
[1016453] Microsoft Office LsCreateLine() Function May Let Remote Users Execute Arbitrary Code
[1016434] Microsoft HTML Help Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code
[1016430] Microsoft Excel STYLE Record Bug May Let Remote Users Execute Arbitrary Code
[1016375] Webmin for Windows Error in Parsing '\' Backslash Character Permits Directory Traversal Attacks
[1016373] Windows Live Messenger Contact List Heap Overflow
[1016344] Microsoft Excel 'Shockwave Flash Object' Lets Remote Users Execute Code Automatically
[1016316] Microsoft Excel Memory Validation Flaw May Let Remote Users Cause Arbitrary Code to Be Executed
[1016291] Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code
[1016289] Microsoft RPC Mutual Authentication Bug Lets Remote Users Spoof Other Systems
[1016288] Windows Server Message Block Processing Bugs Let Local Users Gain Elevated Privileges or Deny Service
[1016287] Microsoft PowerPoint Buffer Overflow in Processing Malformed Records Lets Remote Users Execute Arbitrary Code
[1016285] Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code
[1016284] Windows Media Player Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code
[1016283] Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code
[1016280] Microsoft Outlook Web Access Input Validation Hole Permits Cross-Site Scripting Attacks
[1016196] F-Secure Anti-Virus for Microsoft Exchange Buffer Overflow in Web Console May Let Remote Users Execute Arbitrary Code
[1016156] Cisco VPN Client for Windows Lets Local Users Gain Elevated Privileges
[1016130] Microsoft Word Lets Remote Users Cause Arbitrary Code to Be Executed
[1016048] Microsoft Exchange Error in Processing iCAL/vCAL Properties Lets Remote Users Execute Arbitrary Code
[1016047] Microsoft Distributed Transaction Coordinator Bugs Let Remote Users Deny Service
[1016005] Microsoft Outlook Express 'mhtml:' Redirect URL Processing Lets Remote Users Bypass Security Domains
[1016001] Microsoft Internet Explorer Bug in Processing Nested OBJECT Tags Lets Remote Users Execute Arbitrary Code
[1015969] HP StorageWorks Secure Path for Windows Lets Remote Users Deny Service
[1015950] Neon Responders for Windows Can Be Crashed By Remote Users
[1015900] Microsoft Internet Explorer Parsing and State Errors Let Remote Users Execute Arbitrary Code
[1015899] Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar URL
[1015896] Microsoft FrontPage Server Extensions Input Validation Holes Permit Cross-Site Scripting Attacks
[1015895] Microsoft SharePoint Team Services Input Validation Holes Permit Cross-Site Scripting Attacks
[1015894] Microsoft Data Access Components RDS.Dataspace Access Control Bug Lets Remote Users Execute Arbitrary Code
[1015892] Microsoft Internet Explorer Popup Window Object Bugs Let Remote Users Execute Scripting Code in Arbitrary Domains
[1015855] Microsoft Office Array Index Boundary Error Lets Remote Users Execute Arbitrary Code
[1015825] Microsoft ASP.NET Incorrect COM Component Reference Lets Remote Users Deny Service
[1015812] Microsoft Internet Explorer createTextRange() Memory Error Lets Remote Users Execute Arbitrary Code
[1015800] (Vendor Issues Fix) Microsoft Internet Explorer (IE) Lets Remote Users Cause HTA Files to Be Executed
[1015794] (Vendor Issues Fix) Microsoft Internet Explorer 'mshtml.dll' Bug in Processing Multiple Action Handlers Lets Remote Users Deny Service
[1015785] Veritas Backup Exec for Windows Servers Media Server Format String Bug in BENGINE May Let Remote Users Execute Arbitrary Code
[1015766] Microsoft Office and Excel Buffer Overflows Let Remote Users Execute Arbitrary Code
[1015720] Microsoft Internet Explorer Modal Security Dialog Race Condition May Let Remote Users Install Code or Obtain Information
[1015632] Microsoft PowerPoint May Let Users Access Contents of the Temporary Internet Files Folder
[1015631] Microsoft Office Korean Input Method Editor Lets Local Users Gain Elevated Privileges
[1015628] Windows Media Player Plug-in for 3rd Party Browsers Buffer Overflow in Processing EMBED Elements Lets Remote Users Execute Arbitrary Code
[1015627] Windows Media Player Bitmap File Bug May Let Remote Users Execute Arbitrary Code
[1015585] Microsoft HTML Help Workshop Buffer Overflow in Processing .hhp Files Lets Remote User Execute Arbitrary Code
[1015559] Microsoft Internet Explorer Shockwave Flash Scripting Bug Lets Remote Users Deny Service
[1015489] Microsoft Wireless Network Connection Software May Broadcast Ad-Hoc SSID Information in Certain Cases
[1015461] Microsoft Outlook Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
[1015460] Microsoft Exchange Buffer Overflow in Processing TNEF Messages Lets Remote Users Execute Arbitrary Code
[1015376] Microsoft IIS Lets Remote Users Deny Service or Execute Arbitrary Code With Malformed HTTP GET Requests
[1015350] Microsoft Internet Explorer Bug in Using HTTPS Proxies May Disclose Web URLs to Remote Users
[1015348] Microsoft Internet Explorer Bug in Instantiating COM Objects May Let Remote Users Execute Arbitrary Code
[1015333] Microsoft Excel Unspecified Stack Overflow May Let Remote Users Cause Arbitrary Code to Be Executed
[1015251] Microsoft Internet Explorer Bug in Processing Mismatched Document Object Model Objects May Let Remote Users Execute Arbitrary Code
[1015226] Microsoft AntiSpyware Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code
[1015224] Kaspersky Anti-Virus for Windows File Servers Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code
[1015222] Apple iTunes for Windows Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code
[1015143] F-Secure Anti-Virus for Microsoft Exchange Web Console May Disclose Files to Remote Users
[1015101] Microsoft Internet Explorer J2SE Runtime Environment Bug Lets Remote Users Crash the Target User's Browser
[1015043] Microsoft Network Connection Manager Lets Remote Users Deny Service
[1015041] Microsoft Client Service for NetWare Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1015038] Microsoft Exchange Buffer Overflow in Collaboration Data Objects Lets Remote Users Execute Arbitrary Code
[1015034] Microsoft DirectX DirectShow Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1014899] AVIRA Desktop for Windows Buffer Overflow in Processing ACE Archives May Let Remote Users Execute Arbitrary Code
[1014871] NOD32 for Windows Buffer Overflow in Processing ARJ Archives May Let Remote Users Execute Arbitrary Code
[1014809] Microsoft Internet Explorer Unspecified Bug May Permit Remote Code Execution
[1014777] Microsoft IIS ASP Error Page May Disclose System Information in Certain Cases
[1014727] Microsoft 'msdds.dll' COM Object Lets Remote Users Execute Arbitrary Code
[1014643] Microsoft Internet Explorer COM Object Instantiation Bug May Let Remote Users Execute Arbitrary Code
[1014641] Microsoft Internet Explorer Web Folder URL Validation Bug Lets Remote Users Execute Scripting Code in an Arbitrary Security Domain
[1014566] Windows Buffer Overflow in Unspecified USB Device Driver Lets Physically Local Users Execute Arbitrary Code
[1014500] Microsoft Internet Explorer (IE) JPEG Rendering Bugs Let Remote Users Deny Service or Execute Arbitrary Code
[1014458] Microsoft Office Buffer Overflow in Parsing Fonts Lets Remote Users Cause Arbitrary Code to Be Executed
[1014457] Microsoft Color Management Module Lets Remote Users Execute Arbitrary Code
[1014364] Microsoft Internet Information Server May Allow Remote Users to Conduct HTTP Response Smuggling Attacks
[1014356] Microsoft ISA Server May Accept HTTP Authentication Even When SSL Is Required
[1014352] Microsoft Front Page May Crash When Editing a Specially Crafted Web Page
[1014329] Microsoft Internet Explorer 'javaprxy.dll' COM Object Exception Handling Lets Remote Users Execute Arbitrary Code
[1014261] Microsoft Internet Explorer Lets Remote Users Spoof Javascript Dialog Boxes
[1014201] Microsoft Internet Explorer Buffer Overflow in Rendering PNG Images Lets Remote Users Execute Arbitrary Code
[1014200] Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code
[1014199] Microsoft Outlook Web Access Input Validation Hole in IMG Tags Permits Cross-Site Scripting Attacks
[1014197] Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents
[1014195] Microsoft HTML Help Input Validation Flaw Lets Remote Users Execute Arbitrary Code
[1014194] Microsoft Step-by-Step Interactive Training Bookmark Link File Validation Flaw Lets Remote Users Execute Arbitrary Code
[1014193] Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections
[1014178] Symantec pcAnywhere 'Launch With Windows' Properties Let Local Users Gain Elevated Privileges
[1014174] Microsoft Internet Explorer Lets Remote Users Obfuscate Scripting Code
[1014131] SMTP Server for Windows NT/2000/XP/2003 Lets Remote Users Crash the SMTP Service
[1014113] Microsoft ISA Server in SecureNAT Configuration Can Be Crashed By Remote Users
[1014050] Computer Associates eTrust Antivirus Integer Overflow in Processing Microsoft OLE Data Lets Remote Users Execute Arbitrary Code
[1013996] Microsoft ASP.NET May Disclose System Information to Remote Users in Certain Cases
[1013945] Windows Media Player License Acquisition Feature May Let Remote Users Redirect Users to Arbitrary Web Pages
[1013692] Microsoft Internet Explorer Buffer Overflows in DHTML, URL Parsing, and Content Advisor Let Remote Users Execute Arbitrary Code
[1013691] Microsoft Message Queuing Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1013687] Microsoft Exchange Heap Overflow in Processing Extended SMTP Verb Lets Remote Users Execute Arbitrary Code
[1013684] Microsoft Word Unspecified Buffer Overflow in Processing Documents Lets Remote Users Execute Arbitrary Code
[1013669] Microsoft Outlook Web Access 'From' Address Display Lets Remote Users Spoof Origination Addresses
[1013668] Microsoft Outlook 'From' Address Display Lets Remote Users Spoof Origination Addresses
[1013618] Microsoft Jet Database Buffer Overflow in 'msjet40.dll' Lets Remote Users Execute Arbitrary Code
[1013583] Microsoft Outlook Connector for IBM Lotus Domino Lets Users Bypass Password Storage Policy
[1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
[1013436] GoodTech Telnet Server for Windows NT/2000/XP/2003 Buffer Overflow in Administration Port Lets Remote Users Execute Arbitrary Code
[1013205] Microsoft Internet Explorer Can Be Crashed With URL Containing Special URL Characters
[1013126] Microsoft Internet Explorer CDF Scripting Error Lets Remote Users Execute Scripting Code in Arbitrary Domains
[1013125] Microsoft Internet Explorer DHTML Method Heap Overflow Lets Remote Users Execute Arbitrary Code
[1013124] Microsoft Internet Explorer URL Encoding Error Lets Remote Users Spoof Arbitrary URLs and Execute Scripting Code in Arbitrary Security Zone
[1013111] Microsoft SharePoint Services Redirection Query Input Validation Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
[1013110] Microsoft Office XP Buffer Overflow in Processing URLs Lets Remote Users Execute Arbitrary Code
[1013108] Mozilla Firefox Hybrid Image Bug Allows Batch Statements to Be Dragged to the Desktop and Tabbed Javascript Bugs Let Remote Users Access Other Windows
[1013086] Microsoft Outlook Web Access 'owalogon.asp' Lets Remote Users Redirect Login Requests
[1012836] Microsoft HTML Help Active Control Cross-Domain Error Lets Remote Users Execute Arbitrary Commands
[1012835] Microsoft Cursor and Icon Validation Error Lets Remote Users Execute Arbitrary Code
[1012833] Windows Indexing Service Buffer Overflow in Processing Queries Lets Remote Users Execute Arbitrary Code
[1012706] netcat for Windows Buffer Overflow in doexec Lets Remote Users Execute Arbitrary Code
[1012652] Spy Sweeper Enterprise Windows Tray Icon Lets Local Users Gain Elevated Privileges
[1012584] Microsoft IE dhtmled.ocx Lets Remote Users Execute Cross-Domain Scripting Attacks
[1012518] Microsoft HyperTerminal Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1012517] Microsoft WINS Buffer Overflow in Name Value Lets Remote Users Execute Arbitrary Code
[1012514] Microsoft WordPad Error in Converting Tables/Fonts Lets Remote Users Execute Arbitrary Code
[1012512] Microsoft LSASS Bug in Validating Identity Tokens Lets Local Users Gain Elevated Privileges
[1012461] KDE Konqueror Lets Remote Users Inject Content into Open Windows
[1012460] Opera Lets Remote Users Inject Content into Open Windows
[1012459] Apple Safari Lets Remote Users Inject Content into Open Windows
[1012457] Mozilla Firefox Lets Remote Users Inject Content into Open Windows
[1012444] Microsoft Internet Explorer Input Validation Error in Processing FTP URLs May Let Remote Users Inject Arbitrary FTP Commands
[1012341] Microsoft WINS Memory Overwrite Lets Remote Users Execute Arbitrary Code
[1012288] Microsoft IE Custom 404 Error Message and execCommand SaveAs Lets Remote Users Bypass XP SP2 Download Warning Mechanisms
[1012272] Mailtraq Windows Tray Icon Lets Local Users Gain System Privileges
[1012271] Altiris AClient Service Windows Tray Icon Lets Local Users Gain System Privileges
[1012234] Microsoft Internet Explorer on XP SP2 Has Unspecified Flaws That Let Remote Users Bypass File Download Restrictions
[1012155] Microsoft Internet Security and Acceleration Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
[1012154] Microsoft Proxy Server Reverse DNS Caching Bug Lets Remote Users Spoof Web Sites
[1012138] Microsoft IE Discloses Whether Specified Files Exist to Remote Users
[1012057] F-Secure Anti-Virus for Microsoft Exchange Lets Remote Users Bypass Anti-Virus Detection With a ZIP Archive
[1012049] (Exploit Code Has Been Released) Microsoft Internet Explorer Buffer Overflow in IFRAME/EMBED Tag Processing Lets Remote Users Execute Arbitrary Code
[1011987] Microsoft Internet Explorer Lets Remote Users Spoof the Status Bar Address with a Table Within a Link
[1011895] Microsoft IE for Mac Multi-Window Browsing Errors Let Remote Users Spoof Sites
[1011890] Microsoft Outlook May Display Images in Plaintext Only Mode
[1011851] Microsoft IE AnchorClick Behavior and HTML Help Let Remote Users Execute Arbitrary Code
[1011735] Microsoft Internet Explorer May Display the Incorrect URL When Loading a Javascript Homepage
[1011706] Microsoft Operating System 'asycpict.dll' Lets Remote Users Crash the System
[1011678] Microsoft IE MSN 'heartbeat.ocx' Component Has Unspecified Flaw
[1011646] Microsoft Program Group Converter Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1011645] Microsoft Various Operating System Flaws Lets Remote Users Execute Code and Local Users Gain Elevated Privileges or Deny Service
[1011644] Microsoft IE Plug-in Navigation Flaw Lets Remote Users Spoof URLs in the Addresses Bar
[1011643] Microsoft IE Double Byte Parsing Flaw Lets Remote Users Spoof URLs in the Addresses Bar
[1011642] Microsoft IE SSL Caching Flaw Lets Remote Users Run Scripting Code in the Context of Arbitrary Secure Sites
[1011640] Microsoft IE Buffer Overflow in Install Engine Lets Remote Users Execute Arbitrary Code
[1011639] Microsoft IE Buffer Overflow in Processing Cascading Style Sheets Lets Remote Users Execute Arbitrary Code
[1011636] Microsoft SMTP Service Buffer Overflow in Processing DNS Responses May Let Remote Users Execute Arbitrary Code
[1011635] Microsoft Excel Unspecified Flaw Lets Remote Users Execute Arbitrary Code
[1011634] Microsoft NetDDE Buffer Overflow Lets Remote Users Execute Arbitrary Code With System Privileges
[1011633] Microsoft IIS WebDAV XML Message Handler Error Lets Remote Users Deny Service
[1011632] Microsoft NT RPC Runtime Library Buffer Overflow Lets Remote Users Deny Service
[1011631] Microsoft NNTP Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges
[1011627] Windows 2003 Default ACL Permissions on the Firewall Service Lets Any Users Stop the Service
[1011626] Microsoft Cabarc Directory Traversal Flaw Lets Remote Users Create/Overwrite Files on the Target System
[1011565] Microsoft Word Parsing Flaw May Let Remote Users Execute Arbitrary Code
[1011563] Microsoft Internet Explorer Lets Remote Users Access XML Documents
[1011559] Microsoft .NET Forms Authentication Can Be Bypassed By Remote Users
[1011434] Microsoft SQL Server Can Be Crashed By Remote Users Sending a Specially Crafted Large Buffer
[1011374] Windows XP Service Pack 2 Firewall Configuration Error Exposes File and Print Sharing to Remote Users
[1011344] IBM OEM Version of Windows XP Silently Creates Administrator Account With No Password
[1011332] Microsoft Internet Explorer Bug in Setting Cookies in Certain Domains May Let Remote Users Conduct Session Fixation Attacks
[1011253] Microsoft GDI+ Buffer Overflow in Processing JPEG Images Lets Remote Users Execute Arbitrary Code
[1011252] Microsoft Works Suite Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
[1011251] Microsoft Publisher Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
[1011250] Microsoft FrontPage Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
[1011249] Microsoft Office Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
[1011200] F-Secure Anti-Virus for Microsoft Exchange Input Validation Bug in Content Scanner Server Lets Remote Users Deny Service
[1011141] HP Systems Insight Manager May Not Let Users Login After Applying a Microsoft Security Patch
[1011067] Microsoft Outlook Express May Disclose 'bcc:' Recipient Addresses
[1011043] Microsoft Internet Explorer Local File IFRAME Error Response Lets Remote Users Determine if Files or Directories Exist
[1010995] Windows XP SP2 May Display the Wrong Icon in Zip Archives
[1010992] Microsoft Internet Security and Acceleration Server Does Not Block FTP Bounce Attacks
[1010957] Microsoft Internet Explorer Unregistered Protocol State Error Lets Remote Users Spoof Location Bar
[1010916] Microsoft Outlook Web Access Input Validation Hole in Redirection Query Permits Cross-Site Scripting Attacks
[1010836] Windows Remote Desktop May Let Remote Users Crash the System
[1010827] Microsoft Internet Explorer Error in 'mshtml.dll' in Processing GIF Files Lets Remote Users Crash the Browser
[1010713] Microsoft Systems Management Server (SMS) Client Can Be Crashed By Remote Users
[1010694] Microsoft IE Lets Remote Users Spoof Filenames Using CLSIDs
[1010693] Microsoft Internet Explorer 'shell:' Protocol Lets Remote Users Execute Arbitrary Scripting Code in the Local Zone
[1010692] Microsoft IIS 4.0 Buffer Overflow in Redirect Function Lets Remote Users Execute Arbitrary Code
[1010690] Microsoft HTML Help Input Validation Error Lets Remote Users Execute Arbitrary Code
[1010686] Microsoft Utility Manager Permits Local Applications to Run With Elevated Privileges
[1010683] Microsoft Internet Explorer Same Name Javascript Bug Lets Remote Users Execute Arbitrary Javascript in the Domain of an Arbitrary Site
[1010679] Microsoft Internet Explorer Access Control Flaw in popup.show() Lets Remote Users Execute Mouse-Click Actions
[1010673] Microsoft Internet Explorer Can Be Crashed By Remote Users With Large Text Files
[1010669] Mozilla Lets Remote Users Launch Local Windows Applications Via the 'shell:' Protocol
[1010668] Firefox Lets Remote Users Launch Local Windows Applications Via the 'shell:' Protocol
[1010667] Thunderbird Lets Remote Users Launch Local Windows Applications Via the 'shell:' Protocol
[1010610] Microsoft IIS Web Server May Disclose Private IP Addresses in Certain Cases
[1010550] Microsoft MN-500 Wireless Base Station Lets Remote Users Deny Administrative Access
[1010491] Microsoft Internet Explorer Crashes When Saving Files With Special Character Strings
[1010482] Microsoft Internet Explorer '%2F' URL Parsing Error Lets Remote Users Spoof Sites in the Trusted Zone
[1010479] (US-CERT Issues Advisory) Microsoft Internet Explorer Cross-Domain Redirect Hole Lets Remote Users Execute Arbitrary Code
[1010427] Microsoft DirectX DirectPlay Input Validation Error Lets Remote Users Crash the Application
[1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
[1010175] Microsoft Visual Basic Buffer Overflow May Let Local Users Gain Elevated Privileges
[1010166] Microsoft Outlook Express Mail Troubleshooting Function May Disclose SMTP Password to Local Users
[1010165] Microsoft Internet Explorer Image Map URL Display Error Lets Remote Users Spoof URLs
[1010157] Microsoft Internet Explorer showHelp Path Search Lets Remote Users Load Existing Local CHM Files
[1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
[1010119] Microsoft Help and Support Center HCP URL Validation Error May Let Remote Users Execute Arbitrary Code If User Interactions Occur
[1010092] Microsoft Internet Explorer 'file://' URL Processing Flaw Lets Remote Users Damage the Registry
[1010079] Microsoft IIS ASP Script Cookie Processing Flaw May Disclose Application Information to Remote Users
[1010009] Microsoft Internet Explorer SSL Icon Error May Let Remote Users Impersonate Secure Web Sites
[1009939] Microsoft Internet Explorer Buffer Overflow in Processing SMB Share Names Lets Remote Users Execute Arbitrary Code
[1009778] Microsoft H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1009777] Microsoft SSL Library Input Validation Error Lets Remote Users Crash the Service
[1009769] Microsoft Utility Manager Lets Local Users Run Applications With Elevated Privileges
[1009768] Microsoft Winlogon Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
[1009760] Microsoft Virtual DOS Machine (VDM) Lets Local Users Gain Elevated Privileges
[1009757] Microsoft Jet Database Engine 'msjet40.dll' Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1009754] Microsoft ASN.1 Library (msasn1.dll) Double-Free Memory Allocation Error May Let Remote Users Execute Arbitrary Code
[1009753] Microsoft SSL Library PCT Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1009752] Microsoft Help and Support Center Input Validation Flaw Lets Remote Users Execute Arbitrary Code in the My Computer Zone
[1009751] Microsoft LSASS Service Buffer Overflow Lets Remote Users Execute Arbitrary Code With SYSTEM Privileges
[1009746] Microsoft Internet Explorer Bitmap Memory Allocation Error Lets Remote Users Cause All Available Memory to Be Consumed
[1009743] Microsoft Outlook Express Can Be Crashed By Remote Users With Specially Crafted EML File
[1009739] Microsoft Internet Explorer Javascript OLE Object Lets Remote Users Automatically Print Without Authorization
[1009690] Microsoft Internet Explorer Security Domain Flaw in Accessing CHM Files Lets Remote Users Execute Arbitrary Code
[1009666] Microsoft SharePoint Portal Server Input Validation Holes Permit Cross-Site Scripting Attacks
[1009604] Microsoft Internet Explorer Does Not Correctly Display Links With Embedded FORM Data
[1009603] Microsoft Outlook Express Does Not Correctly Display Links With Embedded FORM Data
[1009546] Microsoft Operating Systems Have Unspecified Flaw That Yields Kernel Level Access to Local Users
[1009361] Microsoft Internet Explorer Cookie Path Restrictions Can Be Bypassed By Remote Servers
[1009360] Microsoft MSN Messenger May Disclose Known Files to Remote Users
[1009358] Microsoft Office XP 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain
[1009357] Microsoft Outlook 'mailto' URL Parsing Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Domain
[1009243] Microsoft Internet Explorer (IE) May Leak Keystrokes Across Frames
[1009128] Windows XP Kernel NtSystemDebugControl() Flaws Let Local Users With SeDebugPrivilege Execute Arbitrary Code in Kernel Mode
[1009067] Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code
[1009009] Microsoft Virtual PC for Mac Temporary File Flaw Lets Local Users Gain Root Privileges
[1009007] Microsoft ASN.1 Library Heap Overflows Let Remote Users Execute Arbitrary Code With SYSTEM Privileges
[1008901] Microsoft Internet Explorer Travel Log Input Validation Flaw Lets Remote Users Run Arbitrary Scripting Code in the Local Computer Domain
[1008843] Windows XP Explorer Executes Arbitrary Code in Folders
[1008698] Microsoft Internet Security and Acceleration Server H.323 Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1008658] Windows Ftp Server Format String Flaw May Let Remote Users Execute Arbitrary Code
[1008586] Microsoft Office Security Features Can Be Bypassed
[1008585] GoodTech Systems Telnet Server for Windows NT/2000/XP Can Be Crashed By Remote Users
[1008583] Microsoft Internet Explorer Flaw in Processing '.lnk' Shortcuts Lets Remote Users Execute Arbitrary Code
[1008578] Microsoft Internet Explorer showHelp() '\..\' Directory Traversal Flaw Lets Remote Users Execute Files on the Target System
[1008570] Jordan Stojanovski Windows Telnet Server 'username' Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1008563] Microsoft IIS Fails to Log HTTP TRACK Requests
[1008558] Microsoft Internet Explorer Trusted Domain Default Settings Facilitate Silent Installation of Executables
[1008554] Microsoft IE for Mac May Disclose Sensitive Information in Secure URLs to Remote Sites via HTTP Referer Field
[1008510] Openwares.org 'Microsoft IE Security Patch' URL Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1008428] Microsoft ASP.NET Web Services XML Parsing Lets Remote Users Consume CPU Resources With SOAP Requests
[1008425] Microsoft IE Does Not Properly Display Some URLs
[1008293] Microsoft Internet Explorer Invalid ContentType May Disclose Cache Directory Location to Remote Users
[1008292] Microsoft Internet Explorer MHT Redirect Flaws Let Remote Users Execute Arbitrary Code
[1008245] Microsoft SharePoint May Let Remote Users Access Protected Pages Without Authenticating
[1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
[1008151] Microsoft Works Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1008150] Microsoft Word Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1008149] Microsoft Excel Macro Security Flaw Lets Remote Users Execute Arbitrary Macro Codes
[1008148] Microsoft SharePoint Team Services Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1008147] Microsoft FrontPage Server Extensions Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1008053] Microsoft Internet Explorer IFRAME Refresh Lets Remote HTML Access Local Files
[1008000] Microsoft Internet Explorer Lets Remote Users Execute Arbitrary Files in the Local Zone Using a Specially Crafted IFRAME/Location Header
[1007937] Microsoft Exchange Server Buffer Overflow in Processing Extended Verb Requests May Let Remote Users Execute Arbitrary Code
[1007936] Microsoft Outlook Web Access Input Validation Flaw in 'Compose New Message' Permits Remote Cross-Site Scripting Attacks
[1007935] Microsoft ListBox and ComboBox 'user32.dll' Buffer Overflow May Allow Local Users to Gain Elevated Privileges
[1007934] Microsoft Help and Support Center HCP Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code With Local Computer Privileges
[1007931] Microsoft Authenticode Low Memory Flaw May Let Remote Users Execute Arbitrary Code
[1007750] Microsoft BizTalk Server Default Directory Permissions May Let Remote Users Deny Service
[1007689] Microsoft Internet Explorer Media Sidebar Flaw Lets Remote Users Execute Arbitrary Code on the System
[1007687] Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains
[1007618] Microsoft Visual Basic for Applications (VBA) in Multiple Microsoft Products Permits Remote Code Execution
[1007617] Microsoft Converter for WordPerfect Has Buffer Overflow That Lets Remote Users Execute Arbitrary Code
[1007616] Microsoft Word Document Validation Error Lets Macros Run Without Warning
[1007614] Microsoft Access Snapshot Viewer ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1007599] Microsoft Outlook May Fail to Delete Outlook Data From the PST File
[1007538] Microsoft Internet Explorer Buffer Overflow in CR549.DLL ActiveX Control Permits Remote Code Execution
[1007537] Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code
[1007536] Microsoft Internet Explorer Cache Script Flaw Lets Remote Users Execute Code in the My Computer Zone
[1007535] Microsoft MDAC Database Component Lets Remote Users Execute Arbitrary Code
[1007507] RSA SecurID Interaction With Microsoft URLScan May Disclose URLScan Configuration to Remote Users
[1007493] Microsoft Visual Studio Buffer Overflow in 'mciwndx.ocx' May Let Remote Users Execute Arbitrary Code
[1007388] Microsoft WebServer Beta for Pocket PC Yields Administrative Access to Remote Users
[1007306] Microsoft Outlook Express Again Executes Scripting Code in Plain Text E-mail Messages
[1007287] Windows Media Player Again Lets Remote Users Install and Execute Code
[1007280] Microsoft Data/Desktop Engine Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code
[1007279] Microsoft SQL Server Named Pipe and LPC Flaws Let Local Users Execute Arbitrary Code
[1007278] Microsoft DirectX Heap Overflow in Loading MIDI Files Lets Remote Users Execute Arbitrary Code
[1007265] Microsoft MDAC ODBC Component May Store Database Passwords in Plaintext in the Registry
[1007262] Microsoft IIS 6.0 Vulnerabilities Permit Cross-Site Scripting and Password Changing Attacks Against Administrators
[1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
[1007206] Microsoft SMTP Service Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header
[1007205] Microsoft Exchange Server Can Be Crashed By Remote Users Sending Mail With an Invalid FILETIME Header
[1007190] Microsoft Internet Explorer 'Chromeless' Window May Let Remote Users Spoof Various User Interface Characteristics
[1007189] WebShield SMTP for Windows NT Lets Remote Users Send Executables Through the Filter
[1007172] Microsoft Jet Database Engine Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1007154] Microsoft SMB Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
[1007133] Microsoft Outlook Web Access (OWA) May Disclose The User's OWA Password to Remote Users
[1007126] Microsoft Internet Explorer Can Be Crashed By Loading 'C:\aux' URL
[1007098] Microsoft Commerce Server Discloses SQL Server Password to Local Users
[1007094] Microsoft NetMeeting Directory Traversal Flaw Lets Remote Users Execute Arbitrary Code
[1007072] Microsoft Internet Explorer Buffer Overflow in Processing Scripted 'HR' Tags Lets Remote Users Execute Arbitrary Code
[1007070] Symantec Norton Anti-Virus Protection Fails to Detect Viruses on Floppy Diskettes Windows-XP
[1007022] SurfControl for Microsoft ISA Server Discloses Files to Remote Users
[1007008] Microsoft Internet Explorer XML Parsing Error Lets Remote Users Conduct Cross-Site Scripting Attacks
[1007007] Microsoft Internet Explorer Custom HTTP Error Pages May Let Remote Users Execute Scripts in the Local Computer Zone
[1006924] Microsoft Internet Explorer Input Validation Flaw in Displaying FTP Site Names Lets Remote Users Execute Arbitrary Scripting Code in Arbitrary Domains
[1006918] Microsoft Internet Explorer (IE) Object Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1006901] Microsoft UrlScan Default Configuration Displays Identifying Characteristics to Remote Users
[1006867] Microsoft IIS Buffer Overflow Lets Remote Users With Upload Privileges Execute Code - Remote Users Can Also Crash the Service
[1006844] Microsoft Internet Connection Firewall Fails to Block IP Version 6 Protocol
[1006809] Microsoft Outlook Express Lets Remote Users Silently Install Arbitrary Code Using Audio and Media Files
[1006808] Microsoft Outlook Express May Be Affected by W32/Palyh@MM Mass-Mailing Worm
[1006807] Microsoft Outlook May Be Affected by W32/Palyh@MM Mass-Mailing Worm
[1006789] Microsoft ISA Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains
[1006774] Microsoft Internet Explorer May Execute Arbitrary Code in the Wrong Security Domain When Processing Large Numbers of Download Requests
[1006771] Microsoft Outlook Express Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash
[1006748] Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
[1006747] Microsoft Outlook May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
[1006728] Microsoft .NET Passport Passwords, Including Hotmail Passwords, Can Be Changed By Remote Users
[1006718] Windows Media Player Skin File Processing Lets Remote Users Write Arbitrary Files to Arbitrary Locations
[1006704] Microsoft IIS Authentication Manager Discloses Validity of User Names to Remote Users
[1006696] Microsoft Internet Explorer Web Folder Access Flaw Lets Remote Users Execute Arbitrary Scripting Code in the My Computer Zone
[1006691] Microsoft MN-500 Wireless Base Station Backup Configuration File Discloses Administrator Password
[1006686] Microsoft BizTalk Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1006634] Microsoft Internet Explorer Bugs (URLMON.DLL Buffer Overflow, File Upload Control Bypass, Plug-in URL Input Validation Flaw, CSS Modal Dialog Input Validation Flaw) Let Remote Users Execute Arbitrary Code or Access Local Files
[1006608] Microsoft NTLM Authentication Protocol Flaw Lets Malicious SMB Servers Gain Access to Systems
[1006607] Windows XP Service Control Manager Timing Flaw in Service Shutdown May Disclose Sensitive Information to Local Users
[1006599] Microsoft REGEDIT.EXE May Let Local Users Gain Elevated Privileges
[1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
[1006533] Microsoft Firewall Service in ISA Server Has Unspecified Flaw That Lets Remote Users Stop Traffic
[1006361] Microsoft ActiveSync Application Can Be Crashed By Remote Users
[1006322] Microsoft ISA Server DNS Intrusion Detection Flaw Lets Remote Users Block DNS Inbound Requests
[1006305] Microsoft IIS Web Server WebDAV Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Overflows That Let Remote Users Execute Arbitrary Code
[1006257] Microsoft Internet Explorer Buffer Overflow in Processing '.MHT' Web Archives Lets Remote Users Execute Arbitrary Code
[1006169] Microsoft Internet Explorer Vulnerable Codebase Object Lets Remote Users Execute Arbitrary Code
[1006148] Microsoft Outlook Express Security Domain Flaw Lets Remote Users Silently Install and Execute Arbitrary Code
[1006046] Microsoft Internet Explorer showHelp() Domain Security Flaw Lets Remote Users Execute Commands
[1006036] Microsoft Internet Explorer May Let Remote Users Read or Write Files Via the dragDrop() Method
[1005966] Microsoft Outlook May Fail to Encrypt User E-mail, Disclosing the Contents to Remote Users
[1005964] Microsoft Locator Service Buffer Overflow Lets Remote Users Execute Arbitrary Code with System Level Privileges
[1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
[1005857] Microsoft Internet Explorer Bug in Loading Multimedia Files May Let Remote Users Execute Arbitrary Scripting Code in Other Domains
[1005796] Microsoft SMB Signing Flaw May Let Remote Users With Access to an SMB Session Gain Control of a Network Client
[1005757] Microsoft Outlook Bug in Processing Malformed E-mail Headers Lets Remote Users Crash the Client
[1005751] SMB2WWW Web-Based Windows Networking Client Bug Lets Remote Users Execute Arbitrary Programs
[1005747] Microsoft Internet Explorer showModalDialog() Input Validation Flaw Lets Remote Users Execute Arbitrary Scripting Code in Any Security Zone
[1005723] OpenWindows mailtool(1) Client for Sun Solaris Can Be Crashed By Remote Users
[1005699] Microsoft Internet Explorer (IE) Java Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions
[1005698] Microsoft Java Virtual Machine (VM) Class Loader Security Flaw Lets Remote Users Bypass Java Security Restrictions
[1005674] Microsoft Internet Explorer Buffer Overflow in Processing PNG Images Allows Denial of Service Attacks
[1005672] Microsoft Internet Explorer MDAC Component Buffer Overflow Allows Remote Users to Execute Arbitrary Code
[1005671] Microsoft Data Access Components (MDAC) Buffer Overflow Allows Remote Users to Execute Arbitrary Code
[1005505] Microsoft Internet Information Server (IIS) Script Access Control Bug May Let Remote Authenticated Users Upload Unauthorized Executable Files
[1005504] Microsoft Internet Information Server (IIS) WebDAV Memory Allocation Flaw Lets Remote Users Crash the Server
[1005503] Microsoft Internet Information Server (IIS) Administrative Pages Allow Cross-Site Scripting Attacks
[1005502] Microsoft Internet Information Server (IIS) Out-of-Process Access Control Bug Lets Certain Authenticated Users Gain Full Control of the Server
[1005489] Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
[1005466] Microsoft Internet Explorer Cached Object Flaw Lets Remote Users Execute Arbitrary Programs on the Target User's Computer
[1005436] Microsoft Data Engine/Desktop Engine (MSDE) Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
[1005435] Microsoft SQL Server Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
[1005416] Microsoft Internet Explorer Flaw in WebBrowser Control Document Property Lets Remote Users Run Code in the My Computer Security Zone
[1005405] Microsoft Outlook Express Buffer Overflow in Parsing S/MIME Messages Lets Remote Users Execute Arbitrary Code
[1005395] Microsoft Content Management Server Input Validation Bug in 'ManualLogin.asp' Allows Cross-Site Scripting Attacks
[1005377] Microsoft MSN Hotmail/Passport Login Page May Permit Cookie Stealing Via Cross-Site Scripting Attacks
[1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
[1005339] Microsoft Services for Unix Interix SDK Bugs May Allow Denial of Service Conditions or May Execute Arbitrary Code
[1005338] Microsoft Data/Desktop Engine (MSDE) Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1005337] Microsoft SQL Server Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1005296] Microsoft PPTP Service Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1005287] Microsoft FrontPage Server Extensions SmartHTML Interpreter Bugs May Let Remote Users Execute Arbitrary Code with System Privileges
[1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
[1005246] Microsoft Remote Desktop Protocol (RDP) Design Flaw May Disclose Information About the Unencrypted Data to Remote Users and May Let Data Be Modified During Transmission
[1005243] Microsoft NetMeeting Remote Desktop Sharing Screen Saver Access Control Flaw Lets Physically Local Users Hijack Remote Sessions
[1005223] (Microsoft Responds) Microsoft Word Document Processing File Include Bug May Let Remote Users Obtain Files From a Target User's System
[1005210] Apple QuickTime Media Player Buffer Overflow Lets Remote Users Execute Arbitrary Code on Windows Systems
[1005207] Microsoft Outlook Express Can Be Crashed By Remote Users Sending HTML Mail With Long Links Embedded
[1005203] Microsoft Internet Explorer Frame Domain Security Bug Lets Remote Users Execute Arbitrary Code in the Local Computer Zone Via Frame URLs
[1005200] Microsoft Internet Explorer Implementation Bugs in Java Native Methods May Let Remote Users Execute Arbitrary Code Via Malicious Applets
[1005182] Microsoft Internet Explorer URL Decoding Inconsistency May Result in a Web Page Loading in the Incorrect Security Domain
[1005177] Microsoft Visual FoxPro Filename Processing Bug Lets Remote Users Create HTML That Will Cause Arbitrary Code to Be Executed When the HTML is Loaded
[1005128] Microsoft Internet Explorer XML Script Element Redirect Bug Lets Remote Users View XML Files on the Target User's Computer
[1005127] Microsoft Visual Studio .NET Web Projects May Disclose the Web Directory Structure to Remote Users
[1005123] Microsoft Internet Explorer Buffer Overflow in Unspecified Text Formatting ActiveX Control Lets Remote Users Execute Arbitrary Code
[1005120] Microsoft Terminal Services Advanced Client (TSAC) ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
[1005119] Microsoft Operating System SMB Protocol Implementation in the Network
[1005112] Microsoft File Transfer Manager ActiveX Control Buffer Overflow May Let Remote Users Execute Arbitrary Code
[1005083] Microsoft Internet Information Server (IIS) Web Server Fails to Properly Validate Client-side Certificates, Allowing Remote Users to Impersonate Other Users or Certificate Issuers
[1005075] Microsoft Internet Explorer XMLDSO Java Class Lets Remote HTML Code Access Local Files
[1005071] Microsoft DirectX Files Viewer ActiveX Control Has Buffer Overflow That Allows Remote Users to Execute Arbitrary Code
[1005067] Microsoft Desktop Engine (MSDE) Extended Stored Procedures May Let Local Users Execute Commands With Database Administrator Privileges
[1005066] Microsoft SQL Server Extended Stored Procedures May Let Local Users Execute Commands With Database Administrator Privileges
[1005065] Microsoft Network Connection Manager Could Give a Local User System Level Privileges
[1004997] Citrix MetaFrame Running on Windows NT4 Terminal Server Can Be Crashed By a Remote User via the Java ICA Web Terminal Interface
[1004986] Microsoft Content Management Server Buffer Overflow in Authentication Function May Allow Remote Users to Execute Arbitrary Code With System Level Privileges
[1004983] Microsoft Visual C++ Flaw in calloc() and Similar Functions May Result in Buffer Overflows in Applications That Use the Compiler or Runtime Library
[1004965] Microsoft Internet Explorer SSL Implementation Flaw in Following Certificate Chains Allows Remote Users to Conduct Man-in-the-Middle Attacks to Obtain Unencrypted Data from the Browser
[1004937] Windows 2000 Operating System Default Permissions for the System Partition Lets Local Users Bypass Individual File Permissions and Replace Key System Files
[1004927] Microsoft Terminal Services Can Be Crashed By Remote Users Conducting a TCP SYN Scan in Certain Situations
[1004917] Microsoft SQL Server MDAC Function Buffer Overflow May Let Remote Users Execute Arbitrary Code to Gain Full Control Over the Database
[1004877] Microsoft Internet Explorer (IE) Web Browser JavaScript 'Same Origin Policy' Flaw Allows Remote Users to Create Malicious JavaScript to Retrieve Web Data from a Victim's Internal Network
[1004862] Microsoft Outlook Express Flaw in Parsing XML Using Internet Explorer Allows a Remote User to Silently Deliver and Install an Executable on a Target User's Computer
[1004831] Microsoft Data Engine (MSDE) Buffer Overflow in Database Consistency Checker May Let Remote Authenticated Users Execute Arbitrary Code with the Privileges of the Database Service
[1004830] Microsoft SQL Server Buffer Overflow in Database Consistency Checker May Let Remote Authenticated Users Execute Arbitrary Code with the Privileges of the Database Service
[1004829] Microsoft SQL Server Resolution Service Buffer Overflows Let Remote Users Execute Arbitrary Code with the Privileges of the SQL Service
[1004828] Microsoft Exchange Server Buffer Overflow in Processing SMTP EHLO Command Lets Remote Users Execute Arbitrary Code on the Server with System Level Privileges
[1004827] Microsoft Metadirectory Services Authentication Flaw May Let Remote Users Modify Data and Obtain Elevated Privileges on the System
[1004805] Microsoft Outlook Express (and Possibly Outlook) Has File Attachment Name Bugs That Let Remote Users Send Malicious Mail to Bypass Attachment Type Filters and Modify the Apparent File Name and File Size
[1004761] Microsoft Foundation Classes (MFC) Information Server Application Programming Interface (ISAPI) 'mfc42.dll' Contains Buffer Overflows That Can Crash the System or Possibly Allow for the Remote Execution of Arbitrary Code
[1004757] Microsoft IIS SMTP Service Encapsulation Bug Lets Remote Users Relay Mail and Send SPAM Via the Service
[1004746] Microsoft Internet Explorer Flaw in OBJECT Domain Security Enforcement Lets Remote Users Execute Code in Arbitrary Domains
[1004744] Microsoft SQL Server Install Process May Disclose Sensitive Passwords to Local Users
[1004739] Microsoft SQL Server Desktop Engine (MSDE) Buffer Overflow and Access Control Bug May Let Remote Authorized Users Execute Code with Elevated Privileges, Possibly Including Local System Privileges
[1004738] Microsoft SQL Server Buffer Overflow and Access Control Bug May Let Remote Authorized Users Execute Code with Elevated Privileges, Possibly Including Local System Privileges
[1004713] Worldspan for Windows Gateway Software Can Be Crashed By Remote Users Sending Malformed Packets
[1004686] APC PowerChute Plus for Windows Default Configuration Creates a Shared Folder with World Writeable Permissions
[1004646] ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
[1004638] Windows Media Player May Let Remote Users Execute Code on a Target User's Computer or Let Local Users Gain Elevated Privileges
[1004637] Microsoft Commerce Server Buffer Overflows and Other Flaws Let Remote Users Execute Arbitrary Code with LocalSystem Privileges
[1004618] Microsoft Internet Explorer Can Be Crashed By Malicious AVI Object in HTML
[1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
[1004595] Microsoft Word Documents May Execute Remotely Supplied Macro Code Under Certain Conditions
[1004594] Microsoft Excel Spreadsheet May Execute Remotely Supplied Macro Code Within Malicious Documents
[1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
[1004569] Microsoft Visual Studio .NET Korean Language Version Contains Nimda Virus
[1004544] Microsoft SQL Server Buffer Overflow in 'pwdencrypt()' Function May Let Remote Authorized Users Execute Arbitrary Code
[1004542] Lumigent Log Explorer Buffer Overflow May Let Remote Users Crash the Microsoft SQL Server Service or Execute Arbitrary Code on the System
[1004541] Compaq Insight Manager May Include a Vulnerable Default Configuration of Microsoft MSDE/SQL Server That Allows Remote Users to Execute Commands on the System
[1004529] Microsoft Remote Access Service (RAS) Phonebook Buffer Overflow May Let Local Users Execute Arbitrary Code with Local System Privileges
[1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
[1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
[1004526] Microsoft Internet Information Server (IIS) Heap Overflow in HTR ISAPI Extension While Processing Chunked Encoded Data Lets Remote Users Execute Arbitrary Code
[1004518] Microsoft Proxy Server Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Server to Gain Full Control of the Server
[1004517] Microsoft Internet Security and Acceleration Server (ISA) Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Server to Gain Full Control of the Server
[1004486] Microsoft ASP.NET Buffer Overflow in Processing Cookies in StateServer Mode May Let Remote Users Crash the Service or Execute Arbitrary Code on the Server
[1004479] Microsoft Internet Explorer May Execute Remotely Supplied Scripting in the My Computer Zone if FTP Folder Viewing is Enabled
[1004464] Microsoft Internet Explorer Buffer Overflow in Processing Gopher Protocol Responses Allows Remote Users to Execute Code on the Victim's Computer
[1004436] Microsoft Internet Explorer Allows HTML-Delivered Compiled Help Files to Be Automatically Executed on the Target User's Computer
[1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
[1004372] Microsoft Excel Spreadsheet XML Stylesheet ActiveX Object Flaw Lets Remote Users Create Malicious Excel Spreadsheets That May Execute Arbitrary Code When Opened With the XML Stylesheet Option
[1004369] Microsoft Active Directory May Have Bug That Allows Remote Users to Crash the Directory
[1004361] Microsoft Data Engine (MSDE) Default Configuration Leaves Blank Password for System Administrator Account
[1004360] Opty-Way Enterprise Glassworks Management Application Installs Microsoft Data Engine Insecurely, Allowing Remote Users to Execute Commands on the System
[1004350] Deerfield WebSite Pro Windows-based Web Server May Disclose CGI Source Code to Remote Users in Certain Cases
[1004304] Microsoft Internet Explorer (IE) New Content-Disposition Bugs May Let Remote Users Execute Arbitrary Code on the Victim's Computer
[1004300] Microsoft Internet Explorer (IE) Zone Spoofing Hole Lets Remote Users Create HTML That, When Loaded, May Run in a Less-Secure IE Security Zone
[1004290] Microsoft Internet Explorer Bugs in 'BGSOUND' and 'IFRAME' Tags Let Remote Users Create HTML That Will Cause Denial of Service Conditions or Will Access Special DOS Devices
[1004259] Network Associates PGP 'Wipe Deleted Files' Option Fails to Wipe Clear Text Temporary Files Used by the Windows 2000 Encrypted File System Feature
[1004251] Microsoft Exchange Instant Messenger ActiveX Control Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
[1004250] Microsoft MSN Messenger Includes an ActiveX Control That Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
[1004249] Microsoft MSN Chat Control ActiveX Control Has 'ResDLL' Parameter Buffer Overflow That Lets Remote Users Execute Arbitrary Code
[1004229] Microsoft Office 'Word Mail Merge' Feature Allows Remote Users to Cause Arbitrary Programs to Be Executed on the Target User's Computer
[1004226] Microsoft MSN Messenger Instant Messaging Client Malformed Header Processing Flaw Lets Remote Users Crash the Client
[1004197] Microsoft Internet Explorer Can Be Crashed By Incorrectly Sized XBM Graphics Files
[1004157] Microsoft Outlook Weak Security Enforcement When Editing Messages with Microsoft Word Lets Remote Users Send Malicious Code to Outlook Recipients That Will Be Executed When Forwarded or Replied To
[1004146] Microsoft Internet Explorer Browser Can Be Crashed By Remote HTML Containing Malicious Image Tags That Cause Infinite Processing Loops
[1004130] Microsoft MSN Messenger Instant Messaging Client Discloses Buddy List to Local Users
[1004121] Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users With OLE OBJECT Element Dependency Loops
[1004109] Microsoft Distributed Transaction Coordinator Can Be Crashed By Remote Users Sending Malformed Packets
[1004090] Microsoft Back Office Web Administration Authentication Mechanism Can Be Bypassed By Remote Users
[1004079] Microsoft Internet Explorer (IE) 'dialogArguments' Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks Against IE Users
[1004051] Microsoft Outlook Express for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
[1004050] Microsoft Office for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
[1004049] Microsoft Internet Explorer for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
[1004048] Microsoft Word Object Creation Flaw Lets Remote Users Create ActiveX That Will Consume Memory on the Victim's Computer
[1004044] Cisco CallManager Affected by Microsoft Internet Information Server (IIS) Bugs
[1004032] Microsoft Internet Information Server (IIS) FTP STAT Command Bug Lets Remote Users Crash Both the FTP and the Web Services
[1004031] Microsoft Internet Information Server (IIS) URL Length Bug Lets Remote Users Crash the Web Service
[1004014] Microsoft Internet Information Server ASP HTTP Header Processing Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server
[1004011] Microsoft Internet Information Server (IIS) Buffer Overflow in ASP Server-Side Include Function May Let Remote Users Execute Arbitrary Code on the Web Server
[1004008] Microsoft Internet Information Server Comes With Code That Allows Remote Users to Conduct Cross-Site Scripting Attacks
[1004006] Microsoft Internet Information Server (IIS) Off-By-One Heap Overflow in .HTR Processing May Let Remote Users Execute Arbitrary Code on the Server
[1004005] Microsoft Internet Information Server Buffer Overflow in Chunked Encoding Mechanism Lets Remote Users Run Arbitrary Code on the Server
[1004002] Microsoft Office Web Components Let Remote Users Determine if Specified Files Exist on Another User's Host
[1004001] Microsoft Office Web Components Let Remote Users Gain Full Read and Write Control Over Another User's Clipboard, Even if Clipboard Access Via Scripts is Disabled
[1004000] Microsoft Office Web Components Let Remote Users Write Code to Run in the Victim's Local Security Domain and Access Local or Remote Files
[1003999] Microsoft Office Web Components in Office XP Lets Remote Users Cause Malicious Scripting to Be Executed By Another User's Browser Even If Scripting is Disabled
[1003948] Microsoft Internet Explorer Cascading Style Sheets (CSS) Invalid Attribute Bug Lets Remote Users Read Portions of Files on the Victim's Computer
[1003932] Microsoft Office XP Active Content Bug Lets Remote Users Cause Code to Be Executed on an Office User's Computer
[1003922] Microsoft Outlook Web Access With SecurID Authentication May Allow Remote Users to Avoid the SecurID Authentication in Certain Cases
[1003915] Microsoft Internet Explorer Browser Security Zone Flaw Lets Remote Users Cause Cookie-based Scripts to Be Executed on Another User's Browser in the Incorrect Security Domain
[1003907] Microsoft Internet Explorer Discloses The Existence of and Details of Local Files to Remote Users
[1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
[1003871] Microsoft .NET Unspecified Vulnerabilities May Allow a Remote User to Cause Arbitrary Code to Be Executed on Another User's Systems
[1003856] Microsoft Internet Explorer Can Be Crashed By Malicious 'location.replace' Javascript
[1003839] Microsoft Internet Explorer (IE) 6 Lets Remote Users Cause Files to Be Downloaded and Executed Without the Knowledge or Consent of the Victim
[1003830] Windows NT and 2000 Session Manager Debug Hole Lets Local Users Obtain Handles to Any Process or Thread to Obtain Elevated Privileges on the System
[1003800] A Multitude of Microsoft SQL Server Extended Stored Procedures Have Buffer Overflows That Allow Remote Users to Crash the Database Server or Execute Arbitrary Code on the Server to Gain Full Control of the System
[1003756] Microsoft Internet Information Server 4.0 .HTR Web Application Lets Users Change Their Passwords When the NT Security Policy is Configured to Prohibit Password Changing
[1003744] Microsoft SQL Server 'xp_dirtree' Buffer Overflow Lets Users Crash the Database Service
[1003738] Norton Anti-Virus Corporate Edition Default Configuration for Windows 2000 Lets 'Power Users' Obtain Elevated 'Administrator' Privileges
[1003730] Microsoft Java Virtual Machine in Internet Explorer Lets Remote Malicious Applets Redirect Web Proxy Connections
[1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
[1003685] Microsoft Exchange Server Lets Remote Users Send or Relay Unauthorized Mail (including SPAM) Via the Server
[1003660] Windows Media Player Executes URLs in Windows Media Files that Have Been Renamed as MP3 Files
[1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
[1003630] Microsoft Internet Explorer Has Another Frame Domain Security Bug That Lets Remote Users View Files or Other Personal Information from a Victim's Computer By Using Malicious VBScripts
[1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
[1003611] Gator Plugin for Microsoft Internet Explorer Lets Remote Users Install Arbitrary Software on the User's Host
[1003605] Microsoft SQL Server Buffer Overflow Lets Remote Users Crash the Server and May Allow Remote Code to Be Executed on the Database Server
[1003597] Microsoft Outlook Web Access Discloses 'Include' Archive Files in the 'lib' Directory to Remote Users
[1003589] Windows XP Networking Port May Allow Remote Users to Deny Service By Sending a Stream of TCP SYN Packets
[1003582] Microsoft Internet Security Acceleration Server Can Be Affected By Remote Users Conducting a LAND Flood Attack
[1003556] Microsoft Visual C++ Compiler Buffer Security Mode Does Not Eliminate Buffer Overflows in Compiled Applications
[1003546] Microsoft Outlook E-mail Client May Display Potentially Malicious File Attachments Illegally Embedded Within Mail Headers
[1003540] Microsoft Internet Explorer Browser MIME Flaw Causes 'text/plain' Pages to Be Displayed as HTML and Any Embedded Scripting to Be Executed By the Browser
[1003519] Microsoft Internet Explorer (IE) HTML Directive Buffer Overflow Lets Remote Users Cause Arbitrary Code to Be Executed on Another User's Computer
[1003517] Microsoft Internet Explorer (IE) 'Content-Type' Processing Hole Lets Remote Users Open Applications on Another User's Computer
[1003516] Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System
[1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
[1003464] PHP for Windows Discloses Path Information to Remote Users
[1003462] Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
[1003458] Microsoft Office v. X for Mac OS X Can Be Crashed By Remote Users Sending Malformed Product Identification Packets
[1003446] Microsoft Internet Information Server Can Be Stopped By Local Users Removing Virtual Directories in a Shared Hosting Environment
[1003436] Windows Messenger (aka MSN Messenger) Instant Messaging Client Discloses Display Name and Contacts to Remote Users
[1003434] Microsoft ASP.NET Web Application Framework Allows Cross Site Scripting Attacks and Discloses Path Information to Remote Users
[1003433] BlackICE Defender Firewall for Windows Can Be Crashed By Remote Users Sending Large Ping Packets
[1003429] mIRC Internet Relay Chat (IRC) Windows Client Buffer Overflow Lets Malicious IRC Servers Execute Arbitrary Code on the Client and Take Full Control of the Client's Host
[1003420] Microsoft Site Server Commerce Edition Discloses Potentially Sensitive Administration Information and Source Code to Remote Users With Valid Accounts and Discloses User Passwords from the LDAP Directory to Anonymous Remote Users
[1003419] Microsoft Site Server Commerce Edition Lets Remote Users With Valid NT Accounts Upload and Then Execute ASP Scripts on the Server or Consume Disk Space on the Server
[1003415] Microsoft Distributed Transaction Coordinator (MSDTC) Service Can Be Crashed By Remote Users
[1003382] Windows 2000 TCP Stack Bug Lets Remote Users Cause All Memory to Be Consumed on the Server
[1003326] Microsoft Internet Explorer for Macintosh OS Executes Remotely Supplied Commands in AppleScripts
[1003224] Microsoft Internet Information Server (IIS) Version 4 Lets Local Users Modify the Log File Undetected
[1003215] Microsoft Internet Explorer Popup Object Tag Flaw Lets Remote Users Execute Programs on the Browser's Host
[1003135] Microsoft Internet Explorer Can Be Crashed By Remote Users With Javascript That Calls an Endless Loop of Modeless Dialogs
[1003129] AOLserver for Windows Discloses Password-Protected Files to Remote Users
[1003125] Hosting Controller Windows-based Web Hosting Management Software Lets Remote Users Establish Administrator Accounts and Upload and Execute Arbitrary Code on the Server
[1003109] Microsoft Internet Explorer (IE) May Allow Malicious Javascript to Poll a User's System for Known Files
[1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
[1003084] Microsoft Internet Explorer GetObject() Active Scripting Bug Lets Remote Code Access Files on the PC
[1003075] ActivePerl for Windows Discloses Directory Path Location to Remote Users
[1003050] Microsoft Internet Explorer Web Browser Can Be Crashed By Malicious Image Source Tag Javascript Supplied By Remote Users
[1003049] Microsoft Internet Explorer (IE) Text Form Processing Flaw May Cause IE to Crash
[1003043] PGP Plug-in For Microsoft Outlook May Fail to Encrypt E-mail in Certain Situations
[1003042] Microsoft Internet Explorer Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
[1003040] Microsoft Excel Password Protection Flaw Lets Local Users Obtain Contents of Password-Protect Cells
[1003033] Microsoft C Runtime Format String Flaw Lets Remote Users Crash the Microsoft SQL Server Service
[1003032] Microsoft SQL Server Buffer Overflow Lets Remote Users Execute Arbitrary Code in the Security Context of the SQL Server
[1003024] Microsoft Internet Explorer (IE) Web Browser 'document.open()' Scripting Flaw Lets Remote Users Steal Cookies, Read Local Files, and Spoof Web Sites
[1002986] Microsoft Internet Explorer Version 6 Lets Remote Scripts Access and Send Local Files
[1002973] Microsoft Internet Explorer (IE 6) Browser May Automatically and Silently Execute Arbitrary Code from a Remote Web Site When the User Views a Web Page or HTML-based E-mail
[1002968] Citrix ICA Client for Windows Allows Remote Malicious Code to Execute on a User's PC Without Warning
[1002957] Microsoft Internet Information Server Can Be Crashed By Remote Users With HTTP Requests Containing Invalid Content-Length Values
[1002942] Microsoft Internet Explorer May Execute Javascript Contained Within an 'About:' URL in an Unauthorized Security Domain When the URL Contains an Extraneous '%' Character
[1002935] X Windows Temporary File Symlink Error Lets Local Users Deny Service By Overwriting Sensitive Root-Owned Files
[1002919] Microsoft Internet Explorer Browser Can Be Crashed By Certain Image Tags
[1002915] Microsoft Outlook Web Access for Exchange May Execute Remotely Supplied Scripts When a Recipient Views a Malicious E-mail Message
[1002905] Xtel MINITEL Emulator for X Windows Has Symlink Vulnerability That Could Let Local Users Obtain Elevated Privileges
[1002885] Microsoft Internet Explorer Can Be Crashed By Malicious Javascript Causing a Stack Overflow in setTimeout() Function
[1002823] Microsoft Internet Explorer Fails to Enforce Cookie Prompting Preferences for Local Security Zone
[1002820] Microsoft Internet Explorer Allows Malicious Web Pages to Spoof Downloadable File Types And Execute Code on the User's Computer When Opened Directly from the Browser
[1002819] Microsoft Internet Explorer ActiveX Flaw Permits Remote Malicious HTML Code Containing an 'htmlfile' or 'htmlfile_FullWindowEmbed' Object to Access Local Files and Potentially Execute Commands
[1002802] Microsoft Help and Support Center Software (helpctr.exe) Has Buffer Overflow That May Allow a Remote User to Cause Arbitrary Code to Be Executed on a User's PC
[1002778] Microsoft Internet Information Server (IIS) Lets Remote Users Create Bogus Web Log Entries
[1002775] Windows Media Player Buffer Overflow in ASF File Processing Lets Malicious Media Files Execute Arbitrary Code on a User's PC
[1002772] Microsoft Internet Explorer Cookie Disclosure Fix Discloses Patch Information to Remote Users
[1002733] Microsoft IIS 4.0 Configuration Error May Allow Remote Users to Obtain Physical Directory Path Information
[1002728] Microsoft SQL Server May Disclose Database Passwords When Creating Data Transformation Service (DTS) Packages
[1002702] Microsoft Passport May Disclose Wallet Contents, Including Credit Card and Contact Information, to Remote Users
[1002693] Microsoft Internet Security and Acceleration Server UDP Fragmentation Processing Can Cause 100% of CPU Resources to Be Consumed
[1002665] Compaq's DECwindows Motif Server for OpenVMS Allows Local Users to Gain Unauthorized Access to Data and System Resources
[1002651] Microsoft Internet Information Server (IIS) May Disclose PHP Scripting Source Code
[1002641] RSA SecurID ACE/Agent Software for Windows Can Be Forced into Debug Mode By Remote Users Without Authentication, Potentially Disclosing Information to Remote Users When Certain Programs Crash
[1002626] Macintosh Clients Using Windows 2000 NTFS Volumes May Modify Directory Permissions in Certain Cases
[1002595] Microsoft Internet Explorer Has Fixed Security Zone for about: URLs and Has Shared Cookie Flaw That Diminishes Cross-Site Scripting Protections
[1002594] Microsoft Internet Explorer for Mac OS X is Configured to Automatically Execute Downloaded Files
[1002581] Microsoft Terminal Servers Can Be Crashed By Remote Users Sending Certain Remote Desktop Protocol (RDP) Packets
[1002560] Internet Explorer Sends Potentially Sensitive Web Browser Contents to Microsoft via the Network When an Error Occurs
[1002559] Microsoft Office XP Sends Potentially Sensitive Information to Microsoft Via the Network When an Error Occurs
[1002526] Microsoft Internet Explorer (IE) Web Browser Has Multiple URL-related Flaws That May Allow for Remote Code Execution, Remote HTTP Request Generation, and Application of Incorrect Security Restrictions
[1002487] Microsoft PowerPoint Macro Security Features Can Be Bypassed by Malformed PowerPoint Documents
[1002486] Microsoft Excel Macro Security Features Can Be Bypassed by Malformed Excel Documents
[1002456] Microsoft Outlook Web Access Directory Validation Flaw Lets Remote Users Consume CPU Resources by Requesting Mail from Nested Folders
[1002421] Microsoft Index Server Sample File Discloses File Information to Remote Users
[1002413] Microsoft Outlook Express Will Execute Active Scripting in Plain Text E-mail Messages, Circumventing Some Scripting Controls
[1002385] Norton Anti-Virus For Microsoft Exchange Discloses User Path Information to Remote Users
[1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
[1002331] Internet Security Systems RealSecure Intrusion Detection Misses '%u' Encoded Attacks Against Microsoft Web Servers
[1002330] Cisco Catalyst 6000 Intrusion Detection System Module Fails to Detect '%u' Encoding Obfuscation Attacks Against Microsoft Web Servers
[1002329] Dragon Sensor Intrusion Detection System Does Not Detect Certain Attacks Against Microsoft Web Servers
[1002327] Snort Network Intrusion Detection System Will Not Detect '%u' URL Encoding Attacks Against Microsoft Web Servers
[1002326] Cisco Secure Intrusion Detection System (NetRanger) Fails to Detect Certain Attacks Against Microsoft Web Servers
[1002317] Microsoft DNS Server Software Susceptible to DNS Cache Poisoning in Default Configuration, Allowing Remote Users to Inject False DNS Records in Certain Situations
[1002269] Microsoft Outlook Web Access with SSL Can Be Crashed by Remote Users
[1002225] Windows 2000 IrDA Infrared Device Driver Lets Infrared Users Crash the System
[1002212] Microsoft IIS Web Server Contains Multiple Vulnerabilities That Allow Local Users to Gain System Privileges and Allow Remote Users to Cause the Web Server to Crash
[1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
[1002183] The Matrix Screen Saver for Windows Lets Physically Local Users Bypass the Password Mechanism and Access the System
[1002161] Microsoft Internet Information Server (IIS) Web Server Discloses Internal IP Addresses or NetBIOS Host Names to Remote Users
[1002159] Windows Media Player ASF Marker Table Overflow Lets Remote Users Crash the Player in Certain Situations
[1002134] Identix BioLogon Client for Windows Fails to Secure Screen Saver Logins in Certain Multi-monitor Configurations, Allowing Physically Local Users to Access the System Without Requiring Biometric Authentication
[1002105] Microsoft SQL Database Server RPC Input Validation Failure Lets Remote Users Crash the Database Service
[1002104] Microsoft Exchange Server RPC Input Validation Failure Lets Remote Users Crash the Exchange Service
[1002089] SnapStream Personal Video System for Windows Lets Remote Users Obtain Files on the System, Including One Containing Unencrypted SnapStream Passwords
[1002088] Windows Media Player Allows Malicious Media Files to Execute Arbitrary Code on the Player's Host
[1002075] Microsoft Services for Unix Memory Leak in Telnet and NFS Services Allows Remote Users to Crash the Operating System
[1002048] Windows 2000 May Disclose Descriptive Information To Local Users Attempting Password Guessing with the NetUserChangePassword API
[1002028] Microsoft Exchange LDAP Service Can Be Crashed By Remote Users
[1002006] Cygwin Tar File Archive Extraction Utility Lets Malicious Tar Files Write to Windows Devices When Extracted
[1002005] UnZip Lets Malicious Tar Files Write to Windows Devices When Extracted
[1002004] RAR File Archive Extraction Utility Lets Malicious Archives Write to Some Windows Devices on Extraction
[1002003] PKZIP Lets Malicious Zip Files Write to Windows Devices When Unzipping Zip Files
[1002002] WinZip Utility Lets Malicious Zip Files Write to Windows Devices on Extraction
[1001984] Microsoft Outlook Allows Rogue HTML to Execute Arbitrary Commands on the User's Host
[1001971] IBM DB2 Database Software for Windows Can Be Crashed By Remote Users
[1001923] Microsoft's Internet Information Server's ASP Processor Can Be Crashed by Remote Users in Certain Situations
[1001904] vWebServer for Windows Discloses ASP Source Code to Remote Users and Can Be Crashed Remotely
[1001819] Microsoft NetMeeting Can Be Crashed By Remote Users
[1001818] Microsoft Internet Information Server (IIS) Web Server Discloses ASP Source Code When Installed on FAT-based Filesystem
[1001816] Microsoft Visual Studio RAD Support Component of FrontPage Lets Remote Users Execute Arbitrary Code on the FrontPage Server
[1001815] Microsoft Word May Execute Macros in Malformed Word Documents Without Warning Even if Macros are Disabled
[1001778] Cisco TFTP Server for Windows Discloses Any File on the System to Remote Users
[1001775] Microsoft Index Server Lets Remote Users Execute Arbitrary Code With System Level Privileges, Giving Remote Users Full Control of the Operating System
[1001763] Rxvt X-Windows Terminal Emulator Lets Local Users Obtain utmp Group Privileges
[1001734] Microsoft SQL Server May Let Remote Authenticated Users Take Full Control of the Database Server and the Underlying Operating System
[1001727] TrendMicro's InterScan VirusWall for Windows NT Allows Remote Users to Modify the Configuration Without Authentication
[1001699] Microsoft Internet Explorer Web Browser May Allow Remote Users to Read Some Text Files on the Browser's Hard Drive
[1001696] Microsoft Exchange Server's Outlook Web Access (OWA) Lets Remote Users Execute Arbitrary Code on the OWA User's Web Browser
[1001687] Microsoft Outlook Express May Allow A Remote User to Obtain E-mail Destined for a Different User
[1001673] Pragma InterAccess Telnet Server for Windows 95/98 Lets Remote Users Crash the Server
[1001661] Microsoft Hotmail May Allow a Worm to Send Mail to Other Destinations Listed in a Remote User's Inbox
[1001610] HyperTerminal Telnet Client for Windows Allows Local Users to Cause Arbitrary Code to be Executed by the Client
[1001576] eEye Digital Security's SecureIIS Application Firewall for Microsoft Web Servers Fails to Filter Certain Web URL Characters, Allowing Remote Users to Bypass the SecureIIS Firewall
[1001562] Microsoft Internet Explorer Allows Remote Web Sites to Cause a Different Web URL Address to Be Displayed in the Browser's Address Bar, Allowing Rogue Web Sites to Spoof the Browser and Masquerade as Different Web Sites
[1001561] Microsoft Internet Explorer Web Browser Fails To Validate Digital Certificates in Some Configurations, Allowing Rogue Secure Web Sites to Spoof the Browser and Masquerade as a Different Secure Web Site
[1001538] Older Version of Microsoft Internet Explorer Web Browser Can Be Crashed By Remote Users
[1001537] Microsoft's Internet Information Server's FTP Services May Give Remote Users Information About User Account Names on the Server's Domain and Trusted Domains
[1001535] Microsoft's Internet Information Server's FTP Services Can Be Crashed By Remote Users
[1001530] Microsoft IIS Web Server Allows Remote Users to Execute Commands on the Server Due to CGI Decoding Error
[1001525] Earlier Version of LiteServe Web Server for Windows Can Be Crashed By Remote Users
[1001517] Denicomp Systems REXECD Remote Exec Server for Windows Can Be Crashed By Remote Users
[1001516] Denicomp Systems RSHD Remote Shell Server for Windows Can Be Crashed By Remote Users
[1001512] Microsoft Index Server for NT Can Be Crashed By Local Users, Allows Local Users to Execute Arbitrary Code With System Level Privileges, and Lets Remote Users View Certain Include Files
[1001483] Microsoft IIS Web Server Lets Remote Users Restart the Web Server with Another Specially Crafted PROPFIND XML Command
[1001445] Microsoft Internet Security and Acceleration Server May Allow Remote Users to Execute Arbitrary Code on the Firewall
[1001424] Microsoft Internet Explorer Can Consume All Memory Due to Malicious HTML Code
[1001407] WFTPD Pro FTP Server for Windows Allows Remote Users to Crash the Server [Vendor Vigorously Disputes This Claim]
[1001402] Microsoft IIS Web Server Can Be Effectively Shutdown By Certain Internal-Network Attacks When The Underlying OS Supports User Account Lockouts
[1001396] mIRC Internet Relay Chat Client for Windows Allows Remote Users to Control Other Users' Clients
[1001380] Microsoft Internet Explorer and Outlook Express May Execute Arbitrary Code Without User Authorization or Intervention
[1001344] Microsoft Internet Explorer May Not Display File Extensions in Certain Cases
[1001330] Microsoft ActiveSync Software for Portable Computing Devices Allows Portable Devices to Access Files on a Locked Server
[1001319] Microsoft Internet Security and Acceleration Server Can Be Crashed By Remote Users
[1001311] Netscape's SmartDownload Can Automatically Execute Arbitrary Code Without User Intervention or Knowledge for Both Netscape and Microsoft Browsers
[1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
[1001272] PGP Encryption Software for Windows May Allow Arbitrary Files to Be Created That May Lead to Arbitrary Code Execution
[1001255] Microsoft's Ping.exe Allows Local Users to Cause Certain Applications to Crash
[1001221] E-Mail Clients that use Microsoft Internet Explorer to Process HTML May Disguise Executable Attachments as Data Files
[1001219] Microsoft's Internet Security and Acceleration Server Performance Can Be Significantly Affected By Remote Users Under Certain Configurations
[1001216] Microsoft Internet Explorer Can Be Made to Execute Arbitrary Files on the User's Computer
[1001213] Tomcat Java Server for Windows Allows Remote Users to List Files Outside of the Server's Root Directory
[1001211] TrendMicro's ScanMail E-Mail Virus Scanner for Microsoft Exchange Discloses Administrative System Usernames and Passwords
[1001210] Microsoft Internet Explorer Allows Malicious Web Pages to Retrieve Files from the User's Computer
[1001209] Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
[1001197] Microsoft Internet Explorer May Automatically Execute Certain E-mail Attachments
[1001187] Microsoft Internet Explorer Is Vulnerable to Malicious Web Pages That May Obtain the User's Exchange E-mail Messages and May Access Restricted Web Server Directory Listings
[1001172] Microsoft Visual Studio Could Allow Users to Crash the Debugger or to Execute Code on the Server
[1001163] Microsoft's Dr. Watson Diagnostic Utility May Reveal Passwords and Other Sensitive Information
[1001147] Microsoft Outlook Express Crashes When Reading Certain E-mail Messages
[1001142] Microsoft Internet Explorer Does Not Check for Revoked Digital Certificates (Two Fraudulent Certificates Are Known to Exist)
[1001139] SurfControl for Microsoft Proxy Server May Fail to Block Sites
[1001123] Microsoft's FTP Server May Allow Remote Users to Deny Service on the Server
[1001116] Microsoft Personal Web Server Contains An Old Internet Information Server (IIS) Vulnerability Allowing Unauthorized Directory Listings and Possible Code Execution For Remote Users
[1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
[1001087] SSH's Secure Shell for Windows 2.4 Can Be Crashed By Remote Users
[1001050] Microsoft IIS 5.0 Web Server Can Be Restarted Remotely By Any User
[1000989] Fastream Technologies FTP++ Server for Windows Gives Access to Files and Directories Outside the Server's Main Directory
[1000988] TranSoft's Broker FTP Server for Windows Allows File and Directory Access and FTP Command Execution Outside of the Server's Root Directory
[1000987] Texas Imperial Software's WFTPD Pro FTP Server for Windows NT/2000 May Execute Arbitrary Code and Can Be Crashed Remotely
[1000986] SunFTP (A Windows-Based FTP Server) Allows Read and Write Access to Files and Directories Outside of the Server's Root Directory
[1000945] BadBlue's Windows-Based Web Server Can Be Crashed Via the Network and May Display Full Path Names
[1000940] Windows 2000's WINMM.DLL Can Locally Crash WINLOGIN.EXE
OSVDB - http://www.osvdb.org:
[96197] Microsoft Windows TCP/IP Stack Crafted ICMPv6 Packet Handling Remote DoS
[96195] Microsoft Windows NAT Driver Crafted ICMP Packet Handling Remote Memory Corruption DoS
[96194] Microsoft Windows Asynchronous RPC Request Handling Remote Code Execution
[96193] Microsoft Windows Unicode Scripts Processor (USP10.DLL) Uniscribe Font Parsing Engine Unspecified Memory Corruption
[96180] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3196)
[96179] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3197)
[96178] Microsoft Windows Kernel Address Value Handling Unspecified Local Memory Corruption (2013-3198)
[95667] Microsoft Windows XP Wireless Preferred Network List (PNL) Remote Disclosure
[95589] Microsoft Windows Mobile Wireless Preferred Network List (PNL) Remote Disclosure
[94987] Microsoft Windows Defender Improper Pathname Handling Local Privilege Escalation
[94986] Microsoft Windows Media Format Runtime Media File Handling Arbitrary Code Execution
[94985] Microsoft Windows DirectShow GIF File Handling Memory Overwrite Arbitrary Code Execution
[94966] Microsoft Windows win32k.sys Memory Object Dereference Handling Local Privilege Escalation
[94965] Microsoft Windows win32k.sys Memory Object Allocation Handling Local Privilege Escalation
[94964] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow
[94963] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow DoS
[94962] Microsoft Windows win32k.sys Memory Object Handling Local Information Disclosure
[94961] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation
[94126] Microsoft Windows Print Spooler Printer Deletion Memory Handling Local Privilege Escalation
[94125] Microsoft Windows TCP/IP Driver TCP Connection Crafted Packet Handling Remote Integer Overflow DoS
[94124] Microsoft Windows Kernel Page Fault System Call Handling Local Information Disclosure
[93539] Microsoft Windows win32k.sys EPATHOBJ::pprFlattenRec / EPATHOBJ::bFlatten Functions Local Privilege Escalation
[93320] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation
[93319] Microsoft Windows win32k.sys Memory Object Handling Local Buffer Overflow
[93318] Microsoft Windows DirectX Graphics Kernel Subsystem (dxgkrnl.sys) Memory Object Handling Local Privilege Escalation
[93317] Microsoft Windows Essentials Windows Writer Crafted URL Handling Arbitrary File Overwrite
[93300] Microsoft Windows HTTP Protocol Stack (HTTP.sys) Crafted HTTP Header Handling Infinite Loop Remote DoS
[92133] Microsoft Windows NTFS NULL Pointer Dereference Local Privilege Escalation
[92132] Microsoft Windows win32k.sys Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1292)
[92131] Microsoft Windows win32k.sys Crafted Font File Handling DoS
[92130] Microsoft Windows win32k.sys Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1283)
[92127] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unspecified Local Memory Corruption
[92126] Microsoft Windows Multiple Active Directory Components LDAP Crafted Query Handling Memory Consumption Remote DoS
[92125] Microsoft Windows Kernel Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1294)
[92124] Microsoft Windows Kernel Unspecified Memory Object Handling Race Condition Local Privilege Escalation (2013-1284)
[92122] Microsoft Windows Remote Desktop Client ActiveX (mstscax.dll) Use-after-free Arbitrary Code Execution
[91696] Microsoft Windows Modern Mail Unspecified Spoofing Weakness
[91269] Microsoft Windows 8 TrueType Font (TTF) Handling Unspecified DoS
[91195] Microsoft Windows 7 Unspecified ASLR Protection Mechanism Bypass
[91194] Microsoft Windows 7 Kernel Unspecified Local Privilege Escalation (pwn2own)
[91193] Microsoft Windows 7 Unspecified ASLR / DEP Protection Mechanism Bypass (pwn2own)
[91157] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1287)
[91156] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1286)
[91155] Microsoft Windows USB RNDIS Driver Memory Object Handling Unspecified Local Privilege Escalation (2013-1285)
[90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
[90236] Microsoft Windows ZwSetInformationProcess() Function Process Priority Handling Local DoS
[90166] Microsoft Windows Object Linking and Embedding (OLE) Automation Memory Allocation RTF File Handling Arbitrary Code Execution
[90165] Microsoft Windows Win32.sys CSRSS Memory Object Handling Local Privilege Escalation
[90164] Microsoft Windows TCP/IP Stack Crafted Connection Termination Packet (TCP PIN WAIT) Handling Remote DoS
[90163] Microsoft Windows Memory Object Reference Count Handling Local Privilege Escalation
[90162] Microsoft Windows Memory Object Handling Local Privilege Escalation (2013-1279)
[90161] Microsoft Windows ApphelpCacheLookupEntry Function Memory Object Handling Local Privilege Escalation
[90160] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1277)
[90159] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1276)
[90158] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1275)
[90157] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1274)
[90156] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1273)
[90155] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1272)
[90154] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1271)
[90153] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1270)
[90152] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1269)
[90151] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1268)
[90150] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1267)
[90149] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1266)
[90148] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1265)
[90147] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1264)
[90146] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1263)
[90145] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1262)
[90144] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1261)
[90143] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1260)
[90142] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1259)
[90141] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1258)
[90140] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1257)
[90139] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1256)
[90138] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1255)
[90137] Microsoft Windows win32k.sys SfnINOUTSTYLECHANGE Function Memory Object Handling Local Privilege Escalation
[90136] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1253)
[90135] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1252)
[90134] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1251)
[90133] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1250)
[90132] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1249)
[90131] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2013-1248)
[90130] Microsoft .NET Framework Windows Form Object Creation Callback Function Arbitrary Code Execution
[90129] Microsoft Windows NFS Server Read-only Share File Operation Handling Remote DoS
[90128] Microsoft Windows Media Content Handling Arbitrary Code Execution
[89315] Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
[89157] Microsoft Windows IPv6 Router Advertisement (RA) Flooding Weakness
[88967] Microsoft Windows SSL/TLS Forced Downgrade MitM Weakness
[88966] Microsoft Windows win32k.sys Window Broadcast Message Handling Local Privilege Escalation
[88963] Microsoft .NET Framework Windows Forms (WinForms) Component System.Drawing.Imaging.EncoderParameters.ConvertToMemory() Method this.param.Length Parameter Multiple Application Handling Heap Buffer Overflow
[88956] Microsoft Windows Printer Spooler Service Print Job Handling Memory Corruption
[88836] Microsoft Windows Paint BMP Image Parsing Memory Corruption
[88575] Microsoft Windows NT NtAcceptConnectPort Spoofed LPC Port Request Arbitrary Process Hijacking Weakness
[88320] Microsoft Windows TrueType Font (TTF) Parsing Unspecified Arbitrary Code Execution
[88316] Microsoft Windows OpenType Font (OTF) Parsing Unspecified Arbitrary Code Execution
[88313] Microsoft Windows KERNEL32.DLL Filename Parsing Memory Corruption Privilege Escalation
[88312] Microsoft Windows DirectPlay Office File Handling Heap Overflow
[88051] Microsoft Windows Crafted DHCPv6 Message Remote DoS
[87269] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2012-2553)
[87268] Microsoft Windows win32k.sys Memory Object Handling Local Privilege Escalation (2012-2530)
[87260] Microsoft Windows Briefcase Handling Underflow (2012-1527)
[87259] Microsoft Windows Briefcase Handling Underflow (2012-1528)
[86905] Microsoft Windows NTFS ANSI API File Name Truncation Weakness
[86903] Microsoft Windows NT CSRSS Malformed Console I/O Local DoS
[86866] Microsoft Windows Trusted Publisher Certificate Process Injection UAC Protection Bypass
[86865] Microsoft Windows UAC Protection User-assisted Circumvention
[86839] Microsoft Windows Media Player AVI File Handling Divide-by-Zero DoS
[86768] Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Handling Buffer Overflow
[86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
[86060] Microsoft Windows Kerberos Implementation Session Handling Remote DoS
[86058] Microsoft Windows Kernel Unspecified Memory Object Handling Local Overflow
[85840] Microsoft Windows lpApplicationName Function Path Subversion Local Privilege Escalation
[85749] Microsoft Windows win32k.sys TrueType Font File Handling Buffer Overflow
[85619] Microsoft Windows Phone 7 X.509 Certificate Subject's Common Name (CN) Field Domain Name Validation Multiple Protocol SSL Server MitM Spoofing Weakness
[85444] Microsoft Windows NT MSIEXEC Registry Modification Local Privilege Escalation
[85442] Microsoft Windows NT Predictable LPC Message Identifier Weakness
[85418] Microsoft Windows Share Service File Handle Request Saturation Remote DoS
[85039] Microsoft Windows NT LPC Zone Exhaustion Local DoS
[85038] Microsoft Windows Filename Extension Handling Overflow DoS
[84604] Microsoft Windows JScript / VBScript Memory Object Size Calculation Website Handling Memory Corruption
[84603] Microsoft Windows win32k.sys Use-after-free Local Privilege Escalation
[84602] Microsoft Windows Remote Desktop Services Malformed RDP Packet Parsing Remote Code Execution
[84601] Microsoft Windows Remote Administration Protocol Malformed RAP Request Parsing Remote Stack Overflow
[84600] Microsoft Windows Remote Administration Protocol Malformed RAP Request Parsing Remote Heap Overflow
[84599] Microsoft Windows Print Spooler Service Remote Format String
[84598] Microsoft Windows netapi32.dll Remote Administration Protocol Malformed RAP Request Parsing Remote DoS
[84593] Microsoft Multiple Product Windows Common Controls TabStrip ActiveX (MSCOMCTL.OCX) Document Handling Arbitrary Code Execution
[83796] Microsoft Windows DCOM RPCSS.exe Local Privilege Escalation
[83751] Microsoft Windows Terminal Services LCA Issued Certificates Arbitrary Binary Signing Weakness
[83750] Microsoft Windows Gadgets Unspecified Remote Code Execution
[83660] Microsoft Windows TLS Protocol HTTPS Session Decryption Information Disclosure
[83659] Microsoft Windows win32k.sys Keyboard Layout Handling Local Privilege Escalation
[83658] Microsoft Windows win32k.sys Hook Procedure Creation Incorrect Type Handling Local Privilege Escalation
[83657] Microsoft Windows ADO Cachesize Data Access Components Memory Object Handling Overflow
[83656] Microsoft Windows File / Directory Name Handling Remote Code Execution
[83453] Microsoft Windows ProfileList Registry Key Permission Weakness User Profile Subversion
[83169] Microsoft Windows NT telnetd Service Port Scan Remote DoS
[83126] Microsoft Windows NT Registry Plaintext Service Password Local Disclosure
[82928] Microsoft Windows atmfd.dll OpenType Font (OTF) File Handling DoS
[82858] Microsoft Windows win32k.sys Thread Creation Attempt Handling Race Condition Local Privilege Escalation
[82857] Microsoft Windows TrueType Font Loading Font Resource Reference Counter Handling Local Overflow
[82856] Microsoft Windows win32k.sys Clipboard Format Atom Name Handling Local Privilege Escalation
[82855] Microsoft Windows win32k.sys String Atom Class Name Handling Local Privilege Escalation (2012-1865)
[82854] Microsoft Windows win32k.sys String Atom Class Name Handling Local Privilege Escalation (2012-1864)
[82851] Microsoft Windows Remote Desktop Protocol (RDP) Memory Object Handling Remote Code Execution
[82850] Microsoft Windows User Mode Scheduler Memory Corruption Local Privilege Escalation
[82849] Microsoft Windows BIOS Memory Handling ROM Corruption Local Privilege Escalation
[82693] Microsoft Windows Terminal Server Licensing Service MD5 Hash Collision Code Signing Spoofing
[82605] Microsoft Windows Explorer Crafted Subdirectory Parent Directory Deletion Local DoS
[82604] Microsoft Windows Media Player Streamed Broadcast Handling Remote Overflow
[82505] Microsoft Windows IE Instances Overflow Group Policy Bypass
[82491] Microsoft Windows UTF Character Set File Extension Spoofing Weakness
[81736] Microsoft Windows GDI+ EMF File Record Handling Remote Code Execution
[81735] Microsoft Windows Partition Manager (partmgr.sys) PnP Configuration Manager Function Call Handling Local Privilege Escalation
[81730] Microsoft Windows tcpip.sys Outbound Packet Filtering Windows Firewall Bypass
[81729] Microsoft Windows tcpip.sys Double-free IPv6 Address Binding Parsing Local Privilege Escalation
[81720] Microsoft Windows t2embed.dll Module TTF File Handling Remote Code Execution
[81717] Microsoft Windows win32k.sys Scrollbar Calculation Handling Local Privilege Escalation
[81716] Microsoft Windows win32k.sys Keyboard Layout File Handling Local Privilege Escalation
[81715] Microsoft Windows win32k.sys Windows and Messages Handling Local Privilege Escalation
[81699] Microsoft Windows xxxCreateWindowEx() Function Invalid Memory Access Local DoS
[81135] Microsoft Windows Authenticode Signature Verification Functionality Signed Portable Executable File Digest Validation Remote Code Execution
[80005] Microsoft Windows DNS Server Domain Resource Record Query Parsing Remote DoS
[80004] Microsoft Windows Remote Desktop Protocol Terminal Server RDP Packet Parsing Remote DoS
[80003] Microsoft Windows DirectWrite Unicode Character Parsing Remote DoS
[80002] Microsoft Windows win32k.sys PostMessage() Function Local Privilege Escalation
[80000] Microsoft Windows Remote Desktop Protocol Array Element Loading Handling Double-free Remote Code Execution
[79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
[79269] Microsoft Windows win32k.sys Use-after-free Keyboard Layout Memory Dereference Local Privilege Escalation
[79259] Microsoft Windows C Run-Time Library msvcrt.dll Meta File Handling Remote Overflow
[79253] Microsoft Windows Ancillary Function Driver (afd.sys) User Mode Input Parsing Local Privilege Escalation
[79252] Microsoft Windows Ancillary Function Driver (afd.sys) AfdPoll User Mode Input Parsing Local Privilege Escalation
[79117] Microsoft Windows Program Group Path Subversion Arbitrary DLL Injection Code Execution
[78759] Microsoft Windows ICMPv6 Echo Request Remote Promiscuous Mode Detection
[78212] Microsoft Windows Object Packager Path Subversion packager.exe Loading Remote Code Execution
[78211] Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Execution
[78210] Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Code Execution
[78209] Microsoft Windows Ntdll.dll Structured Exception Handling Tables Loading SafeSEH Security Bypass
[78207] Microsoft Windows Embedded ClickOnce Application Office File Handling Remote Code Execution
[78206] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Unicode Character Parsing Local Privilege Escalation
[78010] Microsoft Windows Phone Text Message Parsing Remote DoS
[77908] Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote Memory Corruption
[77667] Microsoft Windows Active Directory Query Parsing Remote Overflow
[77666] Microsoft Windows Kernel Exception Handler Local Privilege Escalation
[77663] Microsoft Windows Object Linking and Embedding (OLE) Object File Handling Remote Code Execution
[77662] Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation
[77660] Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Corruption
[77620] Microsoft Windows IE Sandbox Restriction Bypass Local Privilege Escalation
[77262] Microsoft Windows win32k.sys Driver Keyboard Layout File Handling Local DoS
[77213] Microsoft Windows AppLocker Rule Weakness Local Access Restriction Bypass
[76902] Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication Bypass
[76901] Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL Injection Code Execution
[76900] Microsoft Windows Malformed TrueType Font Parsing DoS
[76899] Microsoft Windows TCP/IP Reference Counter Crafted UDP Packet Stream Remote Overflow
[76843] Microsoft Windows Win32k TrueType Font Handling Privilege Escalation
[76232] Microsoft Windows Ancillary Function Driver afd.sys Local Privilege Escalation
[76231] Microsoft Windows Active Accessibility Path Subversion Arbitrary DLL Injection Code Execution
[76221] Microsoft Windows win32k.sys Driver Use-after-free Driver Object Handling Arbitrary Code Execution
[76220] Microsoft Windows win32k.sys Driver .fon Font File Handling Overflow
[76219] Microsoft Windows win32k.sys Driver Type Translation TrueType Font File Handling DoS
[76218] Microsoft Windows win32k.sys Driver NULL Dereference Unspecified Arbitrary Code Execution
[76205] Microsoft Windows Media Center Path Subversion Arbitrary DLL Injection Code Execution
[75473] Microsoft Windows Explorer shmedia.dll AVI File Handling Remote DoS
[75444] Microsoft Windows WINS Loopback Interface Crafted Packet Local Privilege Escalation
[75382] Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Code Execution
[75260] Microsoft Windows IPv6 Router Advertisement (RA) MitM Weakness
[75199] Intel G41 Driver for Microsoft Windows Unspecified Page Handling DoS
[75197] NVIDIA Geforce 310 Driver on Microsoft Windows Unspecified Page Handling DoS
[75195] Microsoft Windows GPU Support Functionality Unspecified Page Handling DoS
[74483] Microsoft Windows TCP/IP Stack (Tcpip.sys) QoS URL Request Parsing Remote DoS
[74482] Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS
[74408] Microsoft Windows Data Access Tracing Component Path Subversion Arbitrary DLL Injection Code Execution
[74407] Microsoft Windows Kernel File Metadata Handling Remote DoS
[74406] Microsoft Windows Remote Desktop Web Access Logon Page Unspecified XSS
[74405] Microsoft Windows Remote Desktop Protocol RDP Packet Parsing Remote DoS
[74402] Microsoft Windows Remote Access Service NDISTAPI Driver User Input Validation Weakness Local Privilege Escalation
[74401] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Inter-Process Device Event Message Parsing Local Privilege Escalation
[74400] Microsoft Windows DNS Service Non-Existent Domain Query Parsing Remote DoS
[74399] Microsoft Windows DNS Service NAPTR Query Parsing Overflow
[74265] Microsoft Windows CSRSS winsrv.dll SrvGetConsoleTitle() Function Type Casting Weakness Local DoS
[73880] ArcSight Connector Appliance Windows Event Log SmartConnector Microsoft OS Version Field XSS
[73799] Microsoft Windows Bluetooth Driver Object Handling Remote Code Execution
[73796] Microsoft Windows CSRSS SrvSetConsoleLocalEUDC() Function NULL Page Data Write Local Privilege Escalation
[73795] Microsoft Windows CSRSS SrvWriteConsoleOutputString() Function Local Overflow
[73794] Microsoft Windows CSRSS SrvWriteConsoleOutput() Function Local Overflow
[73793] Microsoft Windows CSRSS SrvSetConsoleNumberOfCommand() Function Kernel Memory Access Local Privilege Escalation
[73792] Microsoft Windows CSRSS AllocConsole() Function Multiple Console Object Orphaning Local Privilege Escalation
[73791] Microsoft Windows win32k.sys Driver Function Argument Validation Unspecified Local Information Disclosure
[73790] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1888)
[73789] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1887)
[73788] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1885)
[73787] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1881)
[73786] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1880)
[73785] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1875)
[73784] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1884)
[73783] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1883)
[73782] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1882)
[73781] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1879)
[73780] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1878)
[73779] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1877)
[73778] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1876)
[73777] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1874)
[73654] Microsoft Windows fxsst.dll Path Subversion DLL Injection Code Execution
[73602] Microsoft Windows nsiproxy.sys Local DoS
[72959] Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution
[72955] Microsoft Windows Ancillary Function Driver Local Privilege Escalation
[72937] Microsoft Windows Active Directory Certificate Services Web Enrollment XSS
[72936] Microsoft Windows Server Service Crafted SMB Request Parsing Remote DoS
[72935] Microsoft Windows MHTML Mime-Formatted Request Unspecified XSS
[72930] Microsoft Windows Hyper-V VMBus vmswitch.sys Crafted Packet Cross-guest Local DoS
[72929] Microsoft Windows Distributed File System (DFS) Referral Response Handling Remote DoS
[72928] Microsoft Windows Distributed File System (DFS) Response Handling Memory Corruption Remote Code Execution
[72919] Microsoft Windows OpenType Font (OTF) Pointer Validation Arbitrary Code Execution
[72676] Microsoft Windows Kernel-mode GS Cookie Entropy Weakness
[72672] Microsoft Windows AppFix systest.sdb Local DoS
[72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
[72234] Microsoft Windows WINS Service Failed Response Data Reuse Memory Corruption Remote Code Execution
[71788] Microsoft Windows Messenger ActiveX Unspecified Remote Code Execution
[71781] Microsoft Windows SMB Transaction Parsing Unspecified Remote Code Execution
[71780] Microsoft Windows DNS Client Service LLMNR Query Processing Remote Code Execution
[71779] Microsoft Windows/Office GDI+ (gdiplus.dll) EMF File Processing Overflow
[71778] Microsoft Windows Wordpad Word 97 Converter sprmTTextFlow / sprmTSplit PRLs Parsing Memory Corruption
[71776] Microsoft Windows OpenType Font (OTF) Driver Font Processing Overflow
[71775] Microsoft Windows Fax Cover Page Editor fxscover.exe Text Element Handling Memory Corruption
[71774] Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Overflow
[71773] Microsoft Windows Common Internet File System (CIFS) Malformed Browser Message Handling Overflow
[71772] Microsoft Windows SMB Client Response Parsing Unspecified Remote Code Execution
[71757] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1242)
[71756] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1241)
[71755] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1240)
[71754] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1239)
[71753] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1238)
[71752] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1237)
[71751] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1236)
[71750] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1235)
[71749] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-1234)
[71748] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0675)
[71747] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0674)
[71746] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0672)
[71745] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0671)
[71744] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0670)
[71743] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0667)
[71742] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0666)
[71741] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0665)
[71740] Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privilege Escalation (2011-0662)
[71739] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1233)
[71738] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1232)
[71737] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1231)
[71736] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1230)
[71735] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1229)
[71734] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1228)
[71732] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1227)
[71731] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1226)
[71730] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-1225)
[71729] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0677)
[71728] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0676)
[71727] Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Local Privilege Escalation (2011-0673)
[71671] Microsoft Windows afd.sys 120CFh IOCTL Handling Local DoS
[71667] Microsoft Windows SetDllDirectory Function Binary Planting Protection Bypass
[71016] Microsoft Windows Media Player / Center .dvr-ms File Handling Arbitrary Code Execution
[71015] Microsoft Windows DirectShow Path Subversion Arbitrary DLL Injection Code Execution
[71014] Microsoft Windows Remote Desktop Client Path Subversion Arbitrary DLL Injection Code Execution
[70885] Microsoft Windows LSASS Authentication Request Privilege Escalation
[70881] Microsoft Windows SMB Browser Election Request Server Name String Overflow
[70835] Microsoft Windows Kerberos Authentication Downgrade Weakness
[70834] Microsoft Windows Kerberos Unkeyed Checksum Hashing Mechanism Service Ticket Forgery
[70827] Microsoft Windows JScript / VBScript Scripting Engine Memory Corruption Information Disclosure
[70826] Microsoft Windows CSRSS Logoff Process Termination Local Information Disclosure
[70825] Microsoft Windows Server Active Directory Server Principal Name (SPN) Handling Remote DoS
[70823] Microsoft Windows Kernel Trace Event (WmiTraceMessageVa) Handling Integer Truncation Local Privilege Escalation
[70819] Microsoft Windows Kernel Unspecified User Input Validation Weakness Local Privilege Escalation (2011-0087)
[70818] Microsoft Windows Kernel Unspecified User Input Validation Weakness Local Privilege Escalation (2011-0086)
[70817] Microsoft Windows Kernel Class Improper Pointer Validation Unspecified Local Privilege Escalation
[70816] Microsoft Windows Kernel Window Class Pointer Confusion Unspecified Local Privilege Escalation
[70814] Microsoft Windows Kernel Unspecified Memory Corruption Local Privilege Escalation
[70693] Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS
[70689] Microsoft Windows USB Human Interface Device Functionality Warning Weakness Arbitrary Program Execution
[70390] Microsoft Windows IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS
[70263] Microsoft Windows Bitmap Thumbnail shimgvw.dll CreateSizedDIBSECTION() Function biClrUsed Parameter Overflow
[70126] Microsoft Windows Fax Cover Page Editor CDrawPoly::Serialize() Function Overflow
[70000] Microsoft Windows Remote Access Phonebook (rasphone.exe) Path Subversion Arbitrary EXE Injection Code Execution
[69824] Microsoft Windows Consent User Interface Local Privilege Escalation
[69823] Microsoft Windows Routing and Remote Access NDProxy Unspecified Local Code Execution
[69822] Microsoft Windows OpenType Font Driver CMAP Table Parsing Arbitrary Code Execution
[69821] Microsoft Windows OpenType Font Driver Pointer Handling Double-free Arbitrary Code Execution
[69820] Microsoft Windows OpenType Font Driver Index Array Unspecified Code Execution
[69819] Microsoft Windows Netlogon RPC Service Crafted Request Remote DoS
[69818] Microsoft Windows Hyper-V VMBus Crafted Packet Local DoS
[69816] Microsoft Windows BranchCache Path Subversion Arbitrary DLL Injection Code Execution
[69802] Microsoft Windows win32k.sys Cursor Linking Unspecified Local Privilege Escalation
[69801] Microsoft Windows win32k.sys WriteAV Unspecified Local Privilege Escalation
[69800] Microsoft Windows win32k.sys Unspecified Double-free Local Privilege Escalation
[69799] Microsoft Windows win32k.sys PFE Pointer Double-free Local Privilege Escalation
[69798] Microsoft Windows win32k.sys Unspecified Memory Corruption Local Privilege Escalation
[69797] Microsoft Windows win32k.sys Unspecified Local Overflow
[69501] Microsoft Windows win32k.sys Driver GreEnableEUDC() Function Local Overflow
[69465] Microsoft Windows win32k.sys NtGdiEnableEUDC Local Overflow Privilege Escalation
[68946] Microsoft Windows DAO Object Library Path Subversion Arbitrary DLL Injection Code Execution
[68933] Microsoft Windows Shell32.dll Environment Variable Expansion SetDllDirectory Function Bypass
[68857] Microsoft Windows XP wscript.exe Path Subversion Arbitrary DLL Injection Code Execution
[68586] Microsoft Windows LRPC Server LPC Message Handling Local Privilege Escalation
[68560] Microsoft Windows SChannel TLSv1 Crafted Client Certificate Request DoS
[68559] Microsoft Windows OpenType Font Parsing Unspecified Remote Code Execution
[68558] Microsoft Windows OpenType Malformed Font Validation Remote Code Execution
[68557] Microsoft Windows Media Player Reload Operation Object Deallocation Memory Corruption
[68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
[68553] Microsoft Windows t2embed.dll Embedded OpenType Font Parsing hdmx Record Parsing Overflow
[68552] Microsoft Windows win32k.sys Driver Keyboard Layout Loading Local Privilege Escalation
[68551] Microsoft Windows win32k.sys Driver Window Class Data Validation Local Privilege Escalation
[68550] Microsoft Windows Media Player Network Sharing Service RTSP Use-after-free Remote Code Execution
[68549] Microsoft Windows Common Control Library (comctl32.dll) Third-party SVG Content Handling Overflow
[68532] Microsoft Windows rpcrt4.dll LRPC_SCALL::SendRequest() Function LPC Message Local Overflow DoS
[68518] Microsoft Windows on 32-bit Task Scheduler Crafted Application Local Privilege Escalation
[68517] Microsoft Windows on 32-bit win32k.sys Keyboard Layout Loading Local Privilege Escalation
[67988] Microsoft Windows Print Spooler Service RPC Impersonation StartDocPrinter Procedure Remote Code Execution
[67987] Microsoft Windows LSASS Implementation Malformed LDAP Message Handling Remote Overflow
[67986] Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Local Privilege Escalation
[67985] Microsoft Windows MPEG-4 Codec Content Parsing Overflow
[67983] Microsoft Windows WordPad Text Converters Document Parsing Memory Corruption
[67981] Microsoft Windows RPC Response Processing Remote Memory Corruption
[67784] Microsoft Windows Media Encoder Path Subversion Arbitrary DLL Injection Code Execution
[67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
[67722] Microsoft Windows Internet Connection Signup Wizard Path Subversion Arbitrary DLL Injection Code Execution
[67600] Microsoft Windows Media Player Path Subversion Arbitrary DLL Injection Code Execution
[67599] Microsoft Windows Live Messenger Path Subversion Arbitrary DLL Injection Code Execution
[67553] Microsoft Windows Contacts Path Subversion Arbitrary DLL Injection Code Execution
[67552] Microsoft Windows Internet Communication Settings Path Subversion Arbitrary DLL Injection Code Execution
[67551] Microsoft Windows Indeo Codec (ac25_32.ax) Path Subversion Arbitrary DLL Injection Code Execution
[67548] Microsoft Windows Vista BitLocker Drive Encryption Path Subversion Arbitrary DLL Injection Code Execution
[67543] Microsoft Windows Movie Maker Path Subversion Arbitrary OCX Injection Code Execution
[67535] Microsoft Windows Progman Group Converter Path Subversion Arbitrary DLL Injection Code Execution
[67500] Microsoft Windows Live Mail Path Subversion Arbitrary DLL Injection Code Execution
[67408] Microsoft Windows Ipv4SetEchoRequestCreate() Interruption DoS
[67083] Microsoft Windows TAPI Server (TAPISRV) Service Isolation Bypass Local Privilege Escalation
[67005] Microsoft Windows TCP/IP Implementation IppSortDestinationAddresses() Function Local Overflow
[67004] Microsoft Windows Malformed IPv6 Extension Header Handling Remote Memory Corruption DoS
[66990] Microsoft Windows Kernel Object ACL Validation SeObjectCreateSaclAccessBits() Local DoS
[66989] Microsoft Windows Kernel Object Initialization Error Handling Local Privilege Escalation
[66988] Microsoft Windows Kernel Thread Creation Handling NtCreateThread() Local Privilege Escalation
[66987] Microsoft Windows SChannel Malformed Certificate Request Remote Code Execution
[66986] Microsoft Windows Movie Maker Imported Projector File (.MSWMM) String Parsing Overflow
[66985] Microsoft Windows MPEG Layer-3 Audio Stream Decoding Overflow
[66984] Microsoft Windows iccvid.dll VIDC (Cinepak) Codec Decompression Arbitrary Code Execution
[66983] Microsoft Windows win32k.sys Driver xxxCreateWindowsEx hParent Value Handling Local Privilege Escalation
[66982] Microsoft Windows win32k.sys Driver User Mode Input Unspecified Local Privilege Escalation
[66981] Microsoft Windows win32k.sys Driver User Mode Copy Memory Allocation Local Privilege Escalation
[66979] Microsoft Windows win32k.sys Driver GreStretchBltInternal() Handling Local DoS
[66978] Microsoft Windows Tracing Feature for Services Registry String Handling Memory Corruption Local Privilege Escalation
[66977] Microsoft Windows Tracing Feature for Services Registry Key ACL Local Privilege Escalation
[66976] Microsoft Windows SMB Server Compounded Request Handling Stack Exhaustion Remote DoS
[66975] Microsoft Windows SMB Server Crafted Packet Handling Unspecified Remote DoS
[66974] Microsoft Windows SMB Server SMB_COM_TRANSACTION2 Request Handling Remote Code Execution
[66934] Microsoft Windows win32k.sys CreateDIBPalette() Function Local Overflow
[66387] Microsoft Windows Shell LNK File Parsing Arbitrary Command Execution
[66003] Microsoft Windows win32k.sys NtUserCheckAccessForIntegrityLevel Use-After-Free Local Privilege Escalation
[66001] Microsoft Windows mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Local Pointer Disclosure
[65529] Microsoft Windows Help and Support Center sysinfo/sysinfomain.htm svr Parameter XSS
[65264] Microsoft Windows hcp:// Protocol Handler MPC::HexToNum() Function String Miscalculation Arbitrary Command Execution
[65225] Microsoft Windows Kernel-Mode Driver Window Creation Local Privilege Escalation
[65224] Microsoft Windows Kernel-Mode Driver Win32k.sys GetDCEx() Function Device Contexts (DC) Handling Local Privilege Escalation
[65223] Microsoft Windows Kernel-Mode Driver TrueType Font Parsing Local Privilege Escalation
[65222] Microsoft Windows MJPEG Media Decompression Unspecified Remote Code Execution
[65221] Microsoft Windows Media Decompression Unspecified Remote Code Execution
[65219] Microsoft Windows / Office COM Object Instantiation Validation Remote Code Execution
[65217] Microsoft Windows OpenType Compact Font Format (CFF) Driver Privilege Escalation
[64928] Microsoft Windows SMB Client Transaction Response Handling Memory Corruption (2010-0476)
[64927] Microsoft Windows SMB Client Transaction SMB_COM_TRANSACTION2 Response Handling Memory Corruption
[64926] Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption (2010-0477)
[64925] Microsoft Windows SMB Client Unspecified Response Handling Memory Corruption (2010-0269)
[64731] Microsoft Windows Canonical Display Driver (cdd.dll) Unspecified Memory Corruption
[64530] Microsoft Outlook Express / Windows Mail STAT Response Overflow
[64391] Microsoft Windows Group Policy Management Editor Account Password Removal Weakness
[64341] Microsoft Windows Unspecified SMB Negotiation Remote DoS
[64340] Microsoft Windows RRAS InterfaceAdjustVLSPointers Null Dereference Remote DoS
[64058] Microsoft Windows win32k.sys SfnINSTRING() Local DoS
[64057] Microsoft Windows win32k.sys Driver SfnLOGONNOTIFY() Function Local Privilege Escalation
[63765] Microsoft Windows Media Player ActiveX fourCC Compression Code Codec Retrieval Arbitrary Code Execution
[63749] Microsoft Windows MPEG Layer-3 Audio Decoder AVI File Handling Overflow
[63747] Microsoft Windows ISATAP Component IPv6 Tunneled Packet IP Address Spoofing Weakness
[63746] Microsoft Windows Authenticode Signature Verification Cabview Manipulation Privilege Escalation
[63745] Microsoft Windows Authenticode WinVerifyTrust Signature Manipulation Validation Bypass
[63739] Microsoft Windows SMTP / Exchange Server Malformed Command Sequence Remote Information Disclosure
[63738] Microsoft Windows SMTP / Exchange Server DNS Mail Exchanger (MX) Resource Record Handling Remote DoS
[63736] Microsoft Windows Kernel Symbolic Link Value Processing Unspecified Local DoS
[63735] Microsoft Windows Kernel Exception Handling Unspecified Local DoS
[63733] Microsoft Windows Kernel Registry Link Symbolic Link Extraction Local Privilege Escalation
[63732] Microsoft Windows Kernel Malformed Image Handling Local DoS
[63731] Microsoft Windows Kernel Registry Hive Symbolic Link Creation Local Privilege Escalation
[63730] Microsoft Windows Kernel Registry Key Validation Unspecified Local DoS
[63729] Microsoft Windows Kernel Virtual Path Parsing Local DoS
[63728] Microsoft Windows Unspecified Kernel System Call Registry Handling Local DoS
[63726] Microsoft Windows Media Unicast Service Transport Packet Handling Remote Overflow
[63468] Microsoft Windows ANI Parser BITMAPINFO Header Crafted biClrUsed Value DoS
[63231] Microsoft Windows Media Player Crafted AVI File Colorspace Conversion Memory Corruption
[62855] Microsoft Windows HTML Help Control ActiveX chm File Handling Arbitrary Code Execution
[62811] Microsoft Windows Movie Maker / Producer IsValidWMToolsStream() Function Project File (.MSWMM) Handling Overflow
[62756] Microsoft Windows VBScript MsgBox() Function helpfile Argument Arbitrary Command Execution
[62660] Microsoft Windows Unspecified API Argument Validation Local DoS
[62652] Microsoft Windows Media Player Crafted MPG File Handling Overflow DoS
[62637] Microsoft Windows Malformed TCP SYN Packet Remote DoS (Blat)
[62632] Microsoft Windows VBScript MsgBox() Function HLP File Arbitrary Command Execution
[62259] Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation
[62258] Microsoft Windows Kerberos Ticket-Granting-Ticket Renewal Request NULL Dereference Remote DoS
[62257] Microsoft Windows DirectShow AVI File Decompression Overflow
[62256] Microsoft Windows SMB Server Crafted Network Message Remote Code Execution
[62255] Microsoft Windows SMB Server Crafted Packet Handling Remote DoS
[62254] Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS
[62253] Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness
[62252] Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Session Termination Weakness Local Privilege Escalation
[62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
[62250] Microsoft Windows TCP/IP Stack ICMPv6 Router Advertisement Packet Handling Remote Code Execution
[62249] Microsoft Windows TCP/IP Stack ESP Over UDP Header MDL Fragmentation Remote Code Execution
[62248] Microsoft Windows TCP/IP Stack ICMPv6 Route Information Packet Handling Remote Code Execution
[62247] Microsoft Windows TCP/IP Selective Acknowledgment (SACK) Value Handling Remote DoS
[62245] Microsoft Windows Shell Handler ShellExecute API Crafted URL Arbitrary Command Execution
[62244] Microsoft Windows SMB Client Negotiate Protocol Response Handling Remote Code Execution
[62243] Microsoft Windows SMB Client Packet Handling Race Condition Remote Privilege Escalation
[62242] Microsoft Windows Paint JPEG Image Decoding Overflow
[61854] Microsoft Windows Virtual DOS Machine (VDM) Subsystem #GP Trap Handler (nt!KiTrap0D) Local Privilege Escalation
[61676] Microsoft Windows Live Messenger msnmsgr.exe ActiveX (msgsc.14.0.8089.726.dll) ViewProfile Method MSN Messenger Session Remote DoS
[61651] Microsoft Windows Embedded OpenType Font Engine LZCOMP Decompressor Font Handling Arbitrary Code Execution
[61037] Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution (2009-4312)
[61036] Microsoft Windows Indeo Codec Crafted Media Content Arbitrary Code Execution (2009-4311)
[60858] Microsoft Windows Intel Indeo32 Codec (ir32_32.dll) IV32 FourCC Code Handling Heap Corruption
[60857] Microsoft Windows Indeo Codec Unspecified Memory Corruption
[60856] Microsoft Windows Intel Indeo41 Codec IV41 Stream Video Decompression Overflow
[60855] Microsoft Windows Intel Indeo41 Codec IV41 movi Record Handling Overflow
[60836] Microsoft Windows Active Directory Federation Services (ADFS) Request Header Handling Remote Code Execution
[60835] Microsoft Windows Active Directory Federation Services (ADFS) Single Sign-on Spoofing
[60833] Microsoft Windows Internet Authentication Service Crafted MS-CHAP v2 Message Remote Authentication Bypass
[60832] Microsoft Windows Internet Authentication Service Protected Extensible Authentication Protocol (PEAP) Message Handling Remote Memory Corruption
[60831] Microsoft Windows Local Security Authority Subsystem (LSASS) ISAKMP Message Handling Resource Exhaustion Remote DoS
[60368] Microsoft Windows Terminal Services msgina.dll Unrestricted Resource Lock Remote DoS
[60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
[60273] Microsoft Windows NT Virtual DOS Machine 16-bit Executable Permission Bypass Local Privilege Escalation
[60225] Microsoft Windows XP System Restore Directory ACL Weakness Local Privilege Escalation
[60210] Microsoft Windows Active Directory Malformed LDAP Client Request Remote DoS
[60206] Microsoft Windows Fast User Switching (FUS) Arbitrary User Process Listing Disclosure
[60145] Microsoft Windows NT cmd.exe CD Command Arbitrary Local Code Execution
[60057] Microsoft Windows File Protection (WFP) Catalog File (.CAT) Modification Hash Code Comparison Bypass
[59957] Microsoft Windows SMB Response Handling Remote DoS
[59869] Microsoft Windows Win32k Table of Directory Entry Building Font Code Parsing Remote Code Execution
[59868] Microsoft Windows Win32k GDI Kernel Component Unspecified Local Privilege Escalation
[59867] Microsoft Windows Win32k Unspecified Kernel System Call Local Privilege Escalation
[59865] Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handling Memory Corruption
[59856] Microsoft Windows Active Directory Malformed LDAP Request Stack Exhaustion Remote DoS
[59855] Microsoft Windows License Logging Server (llssrv.exe) RPC LlsrLicenseRequestW Method Remote Overflow
[59819] Microsoft Windows RPC Session Handle Hijacking Remote Privilege Escalation
[59738] Microsoft Windows ZIP Filename Handling Overflow DoS
[59736] Microsoft Windows Media Player (WMP) on Solaris Installation Permission Weakness Local Privilege Escalation
[59734] Microsoft Windows Log Clearing Function Admin Notification Weakness
[59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
[59732] Microsoft Windows Screensaver Domain Account Lock Verification Local Brute Force Weakness
[59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
[59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
[59515] Microsoft Windows csrss.exe Command Prompt Input Manipulation Forced Reboot DoS
[59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
[59513] Microsoft Windows NT winnt/system32 Write Access Local DoS (NT4ALL)
[59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
[59347] Microsoft Windows SYSKEY Registry EFS Startup Key Disclosure
[59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
[59340] Microsoft Windows NT Logon Box Account Name Disclosure
[59333] Microsoft Windows NT Winlogon Key Local Shutdown DoS
[59325] Microsoft Windows NT Scheduler Drive Mapping Permission Weakness Local Privilege Escalation
[59264] Microsoft Windows Crafted Fragmented Packet Stream Remote DoS (Jolt)
[59260] Microsoft Windows NT SNMP Agent Query Saturation Remote DoS
[59250] Microsoft Windows NT Fragmented Packet Handling Remote DoS (ntfrag)
[59241] Microsoft Windows CreateRemoteThread Function Arbitrary Writeable Process Termination DoS
[58876] Microsoft Windows SMB Packet Command Value Handling Remote Code Execution
[58875] Microsoft Windows SMBv2 Packet Handling Infinite Loop Remote DoS
[58862] Microsoft Windows LSASS Malformed NTLM Authentication Packets Remote Overflow DoS
[58861] Microsoft Windows Kernel Exception Handler Unspecified Local DoS
[58860] Microsoft Windows Kernel User Mode PE File Handling NULL Dereference Local Privilege Escalation
[58859] Microsoft Windows Kernel 64-bit Value Conversion Truncation Local Privilege Escalation
[58856] Microsoft Windows CryptoAPI X.509 Certificate Object Identifier Handling Overflow Spoofing Weakness
[58855] Microsoft Windows CryptoAPI X.509 Certificate Common Name Null Truncation Spoofing
[58854] Microsoft Windows Indexing Service ActiveX Memory Corruption Arbitrary Code Execution
[58845] Microsoft Windows Media Runtime Compressed Audio File Handling Heap Corruption Arbitrary Code Execution
[58844] Microsoft Windows Media Player ASF Runtime Voice Sample Rate Handling Arbitrary Code Execution
[58843] Microsoft Windows Media Player ASF Handling Overflow
[58786] Microsoft Windows User Profile Unloading Session Persistence Weakness
[58785] Microsoft Windows MFC Component (MFC42u.dll) AfxOleSetEditMenu Function RTF Malformed OLE Object Handling Overflow
[57806] Microsoft Windows Wireless LAN AutoConfig Service (wlansvc) Frame Parsing Arbitrary Code Execution
[57803] Microsoft Windows Media MP3 File Handling Memory Corruption
[57802] Microsoft Windows Media ASF Header Parsing Invalid Free Arbitrary Code Execution
[57799] Microsoft Windows srv2.sys Kernel Driver SMB2 Malformed NEGOTIATE PROTOCOL REQUEST Remote DoS
[57798] Microsoft Windows DHTML Editing Component ActiveX Arbitrary Code Execution
[57797] Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS
[57796] Microsoft Windows TCP/IP Packet State Information Handling Remote Code Execution
[57795] Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
[57016] Microsoft Windows win32k.sys Embedded OpenType Font Handling DoS
[56912] Microsoft Windows Terminal Services Client ActiveX Unspecified Overflow
[56909] Microsoft Windows AVI Media File Parsing Unspecified Overflow
[56908] Microsoft Windows Malformed AVI Header Parsing Arbitrary Code Execution
[56904] Microsoft Windows Telnet NTLM Credential Reflection Remote Access
[56902] Microsoft Windows Workstation Service NetrGetJoinInformation Function Local Memory Corruption Arbitrary Code Execution
[56901] Microsoft Windows Message Queuing Service (MSMQ) mqac.sys IOCTL Request Parsing Local Privilege Escalation
[56900] Microsoft Windows Internet Name Service (WINS) Network Packet Handling Remote Integer Overflow
[56899] Microsoft Windows Internet Name Service (WINS) Push Request Handling Remote Overflow
[56780] Microsoft Windows win32k.sys NtUserConsoleControl Function Memory Manipulation Local Privilege Escalation
[56516] Microsoft Windows lpCmdLine Filename Whitespace Handling Weakness
[56514] Microsoft Windows gzip Libraries Unspecified Remote Code Execution
[56513] Microsoft Windows Autorun / NoDriveTypeAutoRun Registry Value Enforcement Weakness
[55843] Microsoft Windows Embedded OpenType (EOT) Font Name Tables Parsing Overflow
[55842] Microsoft Windows Embedded OpenType (EOT) Font Data Record Parsing Overflow
[55645] Microsoft Windows Live Messenger (WLM) msnmsgr.exe Malformed Content-Type Header Remote DoS
[55644] Microsoft Windows Live Messenger Client MSN Protocol over NAT Multiple Header Field Internal IP Disclosure
[55332] Microsoft Windows PPTP Server (Raspptpe.sys) Malformed Control Packet Remote DoS
[55309] Microsoft Windows ICMP Type 9 Packet Remote DoS
[55050] Microsoft Windows win32k.sys Thread Handling Local Race Condition DoS
[54961] Microsoft Office PowerPoint Freelance Windows Translator (FL21WIN.DLL) Layout Parsing Overflow
[54943] Microsoft Windows Kernel Desktop Parameter Manipulation Local Privilege Escalation
[54942] Microsoft Windows Kernel Driver Class Registration Local Privilege Escalation
[54941] Microsoft Windows Kernel User Mode Pointer Passing Local Privilege Escalation
[54940] Microsoft Windows Kernel Desktop Object Manipulation Local Privilege Escalation
[54939] Microsoft Office Works for Windows File Converter .wps Handling Overflow
[54938] Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS
[54937] Microsoft Windows Active Directory Crafted LDAP(S) Request Hexadecimal DN AttributeValue Handling Arbitrary Code Execution
[54936] Microsoft Windows RPC Marshalling Engine Internal State Manipulation Remote Code Execution
[54935] Microsoft Windows MSHTML Search Preview Display Information Disclosure
[54934] Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DLL Loading Privilege Escalation
[54933] Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File Disclosure
[54932] Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Remote Overflow
[54931] Microsoft Windows SystemParametersInfo() Function SPI_*DESKWALLPAPER Call Local DoS
[54191] Microsoft Windows GDI+ PNG File Handling Infinite Loop DoS
[53804] Microsoft Windows Media Player MID File Handling Overflow DoS
[53668] Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation
[53667] Microsoft Windows RPCSS Service Isolation Local Privilege Escalation
[53666] Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Privilege Escalation
[53623] Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code Execution
[53621] Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismatch Weakness
[53620] Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow
[53619] Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution
[53533] Microsoft Windows Task Manager (taskmgr.exe) I/O Activity Local Information Disclosure
[53309] Microsoft Windows WINS 1Ch Registration Domain Controller Manipulation
[53248] Microsoft Windows DNS Server Crafted Packets Remote Memory Consumption DoS
[52892] Microsoft IE on Windows Link Click Unspecified Arbitrary Code Execution (PWN2OWN)
[52694] Microsoft Windows Media Player Malformed GET Request DoS
[52693] Microsoft Windows Mobile Bluetooth Stack OBEX FTP Service Traversal Arbitrary File Manipulation
[52685] Microsoft Windows FTP Client Multiple Command Overflows
[52683] Microsoft Windows explorer.exe Malformed PNG Handling DoS
[52682] Microsoft Windows Explorer ZIP Handler DoS
[52681] Microsoft Windows Firewall sessmgr.exe Port Restriction Local Bypass
[52524] Microsoft Windows Invalid Pointer Local Privilege Escalation
[52523] Microsoft Windows Handle Validation Local Privilege Escalation
[52522] Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
[52521] Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
[52520] Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness
[52519] Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
[52518] Microsoft Windows DNS Server Response Response Validation Transaction ID Prediction Weakness
[52517] Microsoft Windows DNS Server Query Validation Spoofing
[51433] Microsoft Windows Crafted CHM File Handling Overflow
[51133] Microsoft Windows Media Player Multiple File Handling Remote Overflow
[50567] Microsoft Windows WordPad Text Converter Unspecified Memory Corruption
[50566] Microsoft Windows Explorer search-ms Protocol Handler Arbitrary Code Execution
[50565] Microsoft Windows Explorer Saved Search File Handling Arbitrary Code Execution
[50562] Microsoft Windows GDI WMF Image Size Parameter Parsing Overflow
[50561] Microsoft Windows GDI WMF Image Parsing Integer Math Overflow
[50559] Microsoft Windows Media Component Crafted ISATAP Address NTLM Credential Disclosure
[50558] Microsoft Windows Media Component Service Principal Name (SPN) Credential Reflection Arbitrary Code Execution
[50533] Microsoft Windows Media Services nskey.dll ActiveX CallHTMLHelp Method Overflow
[50287] Microsoft Windows Vista iphlpapi.dll CreateIpForwardEntry2() Function Memory Corruption
[50280] Microsoft Windows UnhookWindowsHookEx Call Saturation Race Condition Local DoS
[50252] Microsoft Windows Media Player Crafted DAT File MThd Header Handling DoS
[50251] Microsoft Windows Media Player Crafted MIDI File MThd Header Handling DoS
[50000] Microsoft Windows Active Directory LDAP Server Bind Request User Account Enumeration
[49897] Microsoft Windows Explorer Crafted ZIP File Handling DoS
[49895] Microsoft Windows GDI+ gdiplus.dll Crafted ICO File Handling DoS
[49736] Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution
[49364] Cisco PIX / ASA Microsoft Windows NT VPN Domain Authentication Bypass
[49243] Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution
[49061] Microsoft Windows Ancillary Function Driver (afd.sys) Local Privilege Escalation
[49060] Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Execution
[49058] Microsoft Windows Active Directory LDAP(S) Request Handling Remote Overflow
[49057] Microsoft Windows SMB File Name Handling Remote Underflow
[49056] Microsoft Windows Kernel Memory Corruption Local Privilege Escalation
[49055] Microsoft Windows Kernel New Window Creation Process Arbitrary Code Execution
[49054] Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation
[49053] Microsoft Windows Virtual Address Descriptors (VAD) Local Privilege Escalation
[48837] Microsoft Windows Vista Page Fault Handling DoS
[48789] Microsoft Windows Mobile Bluetooth Device Name Overflow DoS
[48359] Microsoft Windows Vista ASLR / DEP Memory Protection Bypass
[48302] Microsoft Windows nslookup.exe DNS Zone Transfer Request Unspecified Arbitrary Code Execution
[48153] Microsoft Windows srv.sys WRITE_ANDX SMB Packet Handling Remote DoS
[48037] Microsoft Windows Image Acquisition Logger ActiveX Open Method Arbitrary File Download
[48009] Microsoft Windows Kernel IopfCompleteRequest API Overflow
[47963] Microsoft Windows Media Player Audio File Sampling Rate Remote Code Execution
[47962] Microsoft Windows Media Encoder wmex.dll ActiveX Overflow
[47412] Microsoft Windows Event System Crafted Request Array Index Handling Remote Privilege Escalation
[47411] Microsoft Windows Event System Per-user Subscription Crafted Request Remote Privilege Escalation
[47403] Microsoft Windows Messenger ActiveX (Messenger.UIAutomation.1) Remote Privileged Operations
[47396] Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Disclosure
[47395] Microsoft Windows Image Color Management System (MSCMS) mscms.dll InternalOpenColorProfile Function ICM Image File Handling Overflow
[46990] Microsoft Windows Explorer (explorer.exe) Unspecified WMF Handling DoS
[46801] Microsoft Windows Calendar Malformed ICS File Handling DoS
[46778] Microsoft Windows DNS Query ID Field Prediction Cache Poisoning
[46777] Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning
[46774] Microsoft Windows Explorer Saved Search File Handling DoS
[46210] Microsoft Windows Installer msiexec.exe /uninstall Option GUID Value Overflow
[46068] Microsoft Windows Pragmatic General Multicast (PGM) Fragment Handling Remote DoS
[46067] Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS
[46066] Microsoft Windows Active Directory LDAP Request Processing Remote DoS
[46063] Microsoft Windows Internet Name Service (WINS) Packet Handling Local Privilege Escalation
[46062] Microsoft Windows Speech Components (sapi.dll) Speech Recognition Code Execution
[46061] Microsoft Windows Bluetooth SDP Packet Processing Remote Code Execution
[45809] Microsoft Windows Vista Kernel Unspecified Remote Issue
[45523] Microsoft Windows Live Messenger GDI Engine Malformed File Handling Overflow
[45521] Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS
[45280] Microsoft Windows Media Player (WMP) mplay32.exe MP3 Filename Handling Local Overflow
[45048] Microsoft Windows XP I2O Utility Filter Driver (i2omgmt.sys) Local Privilege Escalation
[44975] Microsoft Windows CE GIF Imaging Component Unspecified Arbitrary Code Execution
[44974] Microsoft Windows CE JPEG (GDI+) Handling Unspecified Arbitrary Code Execution
[44880] Microsoft Windows msjet40.dll MDB File Handling Overflow
[44580] Microsoft Windows Microsoft Distributed Transaction Coordinator (MSDTC) SeImpersonatePrivilege User Right Local Privilege Escalation
[44215] Microsoft Windows GDI EMF Filename Parameter Handling Overflow
[44214] Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow
[44213] Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows
[44206] Microsoft Windows Kernel Unspecified Privilege Escalation
[44200] Microsoft Windows Random Number Generator (RNG) CryptGenRandom Function Prediction Weakness
[44172] Microsoft Windows DNS Client Predictable Transaction ID Spoofing
[44171] Microsoft Windows HxTocCtrl ActiveX (hxvz.dll) Memory Corruption
[44018] Microsoft Windows Vista SP1 Page Protection Unspecified Bypass
[43773] Microsoft Windows Explorer (explorer.exe) GIF File Handling Remote DoS
[43715] Microsoft Windows Media Player (WMP) AIFF File Handling DoS
[43603] Microsoft Windows DNS Server Dynamic Update Mechanism Client Authentication Bypass
[43434] Microsoft Windows Vista NoDriveTypeAutoRun Auto-Play Bypass
[43307] Microsoft Windows Explorer (explorer.exe) AVI Handling Right-Click Action DoS
[42579] 3ivx MPEG-4 on Microsoft Windows Media Player (WMP) mplayer2.exe MP4 File Handling Overflow
[41553] Microsoft Windows Explorer BMP Width Dimension Handling Overflow
[41491] Microsoft Windows Vista Crafted DHCP Response DoS
[41463] Microsoft Windows OLE Automation Unspecified Memory Corruption Remote Code Execution
[41156] Microsoft Windows x64 Kernel PatchGuard Bypass
[41155] Microsoft Windows Hardware-enforced DEP Bypass
[41154] Microsoft Windows XP EFS Cleartext Password Storage
[41097] Microsoft Windows Task Scheduler (at.exe) Local Privilege Escalation
[41093] Microsoft Windows Media Player (WMP) MSIE Static Invocation HTML Rendering Weakness
[41092] Microsoft Windows DNS Service Predictable Transaction ID Weakness
[41090] Microsoft Windows w/ IE7 Shell32.dll Crafted URL Third-party Application Arbitrary Command Execution
[41065] Microsoft Windows kernel32.dll Multiple Function DoS
[41064] Microsoft Windows ntdll.dll Multiple Function DoS
[41059] Microsoft Windows ARP Saturation Remote DoS
[40071] Microsoft Windows LSASS Crafted LPC Request Local Privilege Escalation
[40070] Microsoft Windows TCP/IP IGMPv3 / MLDv2 Packet Handling Remote Code Execution
[40069] Microsoft Windows TCP/IP ICMP RDP Packet Handling Remote DoS
[39521] Cisco Security Agent for Microsoft Windows Crafted SMB Packet Remote Overflow
[39131] Microsoft Windows Media Player Crafted AU File Application Crash Remote DoS
[39127] Microsoft Windows DirectX WAV / AVI File Parsing Arbitrary Code Execution
[39126] Microsoft Windows DirectX SAMI File Parsing Arbitrary Code Execution
[39125] Microsoft Windows Vista SMBv2 Signing Unspecified Remote Code Execution
[39124] Microsoft Windows Vista Kernel Legacy Reply Path Validation Local Privilege Escalation
[39123] Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution
[39122] Microsoft Windows Media Format Runtime ASF Parsing Arbitrary Code Execution
[39014] Microsoft Windows RunAs Command Local Arbitrary Process DoS
[38991] Microsoft Windows PNG Image IHDR block Multiple Crafted Value Remote DoS
[38499] Microsoft Windows Mobile ActiveSync USB Weak PIN/Password Encryption
[38494] Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) ICO Handling DoS
[37637] Microsoft Windows Crafted HLP File Overflow
[37635] Microsoft Windows Virtual DOS Machine (VDM) PhysicalMemory Race Condition Local Privilege Escalation
[37631] Microsoft Windows Malformed NNTP Response Remote Memory Corruption
[37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
[37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
[37627] Microsoft Windows Kodak Image Viewer Image File Handling Arbitrary Code Execution
[37105] Microsoft Windows mfc42.dll / mfc42u.dll CFileFind Class FindFile() Function Overflow
[36938] Microsoft Windows XP Kernel Process Scheduler Local DoS
[36937] Microsoft Windows / IE ActiveX (triedit.dll) Multiple Property NULL Pointer DoS
[36935] Microsoft Windows Services for UNIX Local Privilege Escalation
[36393] Microsoft Windows Vista Weather Gadgets Crafted HTML Attribute Unspecified Issue
[36392] Microsoft Windows Vista Contacts Gadget Crafted Contact Information Arbitrary Code Execution
[36391] Microsoft Windows Vista Feed Headlines Gadgets RSS Feed XSS
[36390] Microsoft Windows Vector Markup Language (VML) VGX.DLL CDownloadSink Class Overflow
[36388] Microsoft Windows Graphics Rendering Engine (GDI) Metafile Image Handling Overflow
[36387] Microsoft Windows OLE Automation TextNode Object substringData Method Overflow
[36386] Microsoft Windows Media Player Skin File Handling Crafted Header Arbitrary Code Execution
[36385] Microsoft Windows Media Player Skin File Handling Overflow
[36149] Microsoft IE on Windows Mobile Unspecified Overflow DoS
[36148] Microsoft Windows Mobile Pictures and Videos Malformed JPEG DoS
[36146] Microsoft Windows Terminal Services TLS Downgrade Weakness
[36145] Microsoft Windows Event Viewer (eventvwr.exe) Log Data Exclusion
[36144] Microsoft Windows Bluetooth Unspecified Remote Privilege Escalation
[36143] Microsoft Windows Mobile Pocket PC Edition Unspecified Remote Privilege Escalation
[36141] Microsoft Windows Explorer Ole32.dll Crafted Document Summary Information DoS
[36138] Microsoft Windows Active Directory Time Restriction User Enumeration
[35962] Microsoft Windows XP Registry QHEADLES Permission Weakness
[35961] Microsoft Windows Active Directory LDAP Service Crafted Request Remote DoS
[35960] Microsoft Windows Active Directory LDAP Service Convertible Attribute Remote Code Execution
[35952] Microsoft Windows Vista Teredo Crafted IPv6 Traffic Blocking Rule Bypass
[35637] Microsoft Windows Unspecified Remote Code Execution
[35347] Microsoft Windows Schannel Security Package Crafted Digital Signature Arbitrary Code Execution
[35346] Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cross Domain Information Disclosure
[35345] Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information Disclosure
[35344] Microsoft Windows Vista Local User Information Data Stores Information Disclosure
[35341] Microsoft Windows Win32 API Unspecified Remote Code Execution
[34490] Microsoft Windows Explorer Folder Browsing WMV Handling DoS
[34103] Microsoft Windows Web Proxy Autodiscovery Protocol (WPAD) DNS Subversion
[34102] Microsoft Windows Vista Mail Client Crafted Link Arbitrary Program Execution
[34101] Microsoft Windows XP winmm.dll mmioRead Function DoS
[34100] Microsoft Windows DNS RPC Interface Zone Name Remote Overflow
[34099] Microsoft Windows TrueType Fonts Rasterizer Local Privilege Escalation
[34098] Microsoft Windows GDI Functions Windows Metafile (WMF) Handling DoS
[34097] Microsoft Windows GDI Enhanced Metafile (EMF) Handling Local Privilege Escalation
[34096] Microsoft Windows GDI Invalid Window Size Local Privilege Escalation
[34095] Microsoft Windows GDI Crafted Image Local Privilege Escalation
[34011] Microsoft Windows Kernel Mapped Memory Local Privilege Escalation
[34010] Microsoft Windows XP UPnP Remote Memory Corruption
[34009] Microsoft Windows Agent URL Parsing Memory Corruption
[34008] Microsoft Windows Vista CSRSS Local Privilege Escalation
[33668] Microsoft Windows Vista Meeting Space DFSR.exe TCP Connection Persistence
[33667] Microsoft Windows Vista Persistent Established Teredo Address
[33666] Microsoft Windows Vista Teredo nonce Spoofing
[33665] Microsoft Windows Vista Neighbor Discovery Crafted Neighbor Advertisement Redirect
[33664] Microsoft Windows Vista Crafted Gratuitous ARP Overwrite DoS
[33663] Microsoft Windows Vista LLTD Mapper HELLO Packet Spoofing
[33662] Microsoft Windows Vista LLTD Mapper Real Source Field Host Spoofing
[33661] Microsoft Windows Vista LLTD Responder Race Condition Host Spoofing
[33660] Microsoft Windows Vista LLTD Mapper EMIT Packet Gathering Remote DoS
[33635] AMD ATI Radeon for Microsoft Windows Vista atikmdag.sys Kernel Mode Driver DoS
[33628] Microsoft Windows NDISTAPI.sys Permission Weakness Local DoS
[33474] Microsoft Windows ReadDirectoryChangesW API Function File System Information Disclosure
[33307] Microsoft Windows Media MID Malformed Header Chunk DoS
[33306] Microsoft Windows Explorer explorer.exe WMV File Handling DoS
[33219] Microsoft Windows Live Messenger Gestual Emoticon Saturation CPU Consumption DoS
[32629] Microsoft IE on Windows Mobile Malformed WML Page Unspecified DoS
[32628] Microsoft Windows / IE ActiveX (mshtml.dll) Multiple Property NULL Pointer DoS
[32445] Microsoft Windows Workstation Service NetrWkstaUserEnum RPC Request DoS
[31897] Microsoft Windows CSRSS NtRaiseHardError Function Arbitrary Memory Disclosure
[31890] Microsoft Windows Shell New Hardware Local Privilege Escalation
[31889] Microsoft Windows XP SP2 Image Acquisition Service Local Privilege Escalation
[31885] Microsoft Windows OLE Dialog Memory Corruption Remote Code Execution
[31884] Microsoft Windows HTML Help ActiveX Control Arbitrary Code Execution
[31659] Microsoft Windows CSRSS MessageBox Function Privilege Escalation
[31645] Microsoft Windows DNS Recursive Query DoS
[30997] Microsoft Windows .manifest File Handling Local DoS
[30871] Microsoft Windows DRM drmstor.dll ActiveX Object StoreLicense Function Memory Corruption
[30823] Microsoft Windows Print Spooler (spoolsv.exe) RpcGetPrinterData Function DoS
[30821] Microsoft Outlook Express Windows Address Book Contact Record Code Execution
[30819] Microsoft Windows Media Player ASX Playlist Handling Overflow
[30818] Microsoft Windows Media Player ASF Parsing Overflow
[30817] Microsoft Windows Remote Installation Service TFTP Arbitrary File Overwrite
[30811] Microsoft Windows SNMP Service Remote Overflow
[30405] Microsoft Windows Active Directory Unspecified DoS
[30263] Microsoft Windows Workstation Service Crafted Message Remote Overflow
[30262] Microsoft Windows Agent ACF File Handling Memory Corruption
[30261] Microsoft Windows Client Service for NetWare (CSNW) Crafted Message Remote DoS
[30260] Microsoft Windows Client Service for NetWare (CSNW) Crafted Message Remote Code Execution
[30214] Microsoft Windows GDI Kernel Structure Modification Code Execution
[30096] Microsoft Windows NAT Helper Components ipnathlp.dll with ICS Malformed DNS Query DoS
[29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
[29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
[29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
[29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
[29439] Microsoft Windows Server Service Crafted SMB Packet Unspecified Issue
[29424] Microsoft Windows Object Packager File Extension Dialog Spoofing
[29409] Microsoft Windows TCP 135 Crafted Packet Saturation DoS
[29351] Microsoft Windows Terminal Services tsuserex.dll COM Object Instantiation
[29231] Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Arbitrary Code Execution
[29128] Microsoft Windows gdiplus.dll Divide-by-zero DoS
[28731] Microsoft Windows Pragmatic General Multicast (PGM) Multicast Message Arbitrary Code Execution
[28729] Microsoft Windows Indexing Service Unspecified XSS
[28372] Microsoft Windows Explorer URL Passing Recursive file Tag Local DoS
[28208] Microsoft Windows Live Messenger Contact List .ctt File Heap Overflow
[27848] Microsoft Windows Kernel Unspecified Local Privilege Escalation
[27847] Microsoft Windows Unhandled Exception Unspecified Remote Code Execution
[27846] Microsoft Windows Winlogon Search Path Subversion Local Privilege Escalation
[27845] Microsoft Windows Server Service Crafted RPC Message Remote Overflow
[27844] Microsoft Windows DNS Client Service Record Response Overflow
[27843] Microsoft Windows Winsock API Hostname Remote Code Execution
[27797] Microsoft Windows GDI library (gdi32.dll) createBrushIndirect Function WMF Parsing DoS
[27644] Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference DoS
[27155] Microsoft Windows Server Service SRV.SYS Crafted Request SMB Information Disclosure
[27154] Microsoft Windows Server Service SRV.SYS First-class Mailslot Message Remote Overflow
[27152] Microsoft Windows IIS ASP Page Processing Overflow
[27151] Microsoft Windows DHCP Client Service Crafted Response Overflow
[26440] Microsoft Windows SMB MrxSmbCscIoctlOpenForCopyChunk Function Overflow
[26439] Microsoft Windows SMB MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk Remote DoS
[26438] Microsoft Windows RPC Mutual Authentication Server Spoofing
[26437] Microsoft Windows RRAS RASMAN Remote Overflow
[26436] Microsoft Windows RASMAN RPC Request Remote Overflow
[26433] Microsoft Windows TCP/IP Protocol Driver Source Routing Overflow
[26432] Microsoft Windows jgdw400.dll ART Image Rendering Overflow
[26431] Microsoft Windows Graphics Rendering Engine PolyPolygon Function Overflow
[26430] Microsoft Windows Media Player PNG Processing Overflow
[25949] Microsoft Windows INETCOMM.DLL mhtml: URI Overflow
[25761] Microsoft Windows NTDLL.DLL RtlDosPathNameToNtPathName_U API Path Conversion Weakness
[25501] Microsoft Windows itss.dll CHM Processing Overflow
[25336] Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Request DoS
[25335] Microsoft Windows Distributed Transaction Coordinator (DTC) CRpcIoManagerServer::BuildContext Function Remote Overflow
[24802] Microsoft Windows Help winhlp32.exe Embedded Image Processing Overflow
[24519] Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow
[24516] Microsoft Windows Explorer COM Object Handling Remote Code Execution
[23136] Microsoft Windows/Office Korean Input Method Editor (IME) ShellAbout() Privilege Escalation
[23134] Microsoft Windows Web Client Service Crafted WebDAV Request Overflow
[23133] Microsoft Windows IGMPv3 Crafted Packet Remote DoS
[23132] Microsoft Windows Media Player Plug-in Malformed EMBED Element Arbitrary Code Execution
[23131] Microsoft Windows Media Player Bitmap File Processing Overflow
[23047] Microsoft Windows SSDP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23046] Microsoft Windows SCardSvr SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23045] Microsoft Windows NetBT SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[23044] Microsoft Windows UPnP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation
[22710] Microsoft Windows Ad-hoc Network Advertisement Weakness
[22697] Microsoft Windows Unspecified Display Driver Large Image Processing DoS
[22396] Microsoft Windows WMF Processing ExtEscape POSTSCRIPT_INJECTION Function Overflow DoS
[22371] Microsoft Windows WMF Processing ExtCreateRegion Function Overflow DoS
[21987] Microsoft Windows Shimgvw.dll SETABORTPROC Function Crafted WMF Arbitrary Code Execution
[21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
[21536] Microsoft Windows backup File Name Extension Overflow
[21510] Microsoft Windows SynAttackProtect Bypass
[20916] Microsoft Windows UPnP GetDeviceList Remote DoS
[20875] Microsoft Windows XP Professional Upgrade MSIE Rollback
[20580] Microsoft Windows GetEnhMetaFilePaletteEntries() EMF File Rendering DoS
[20579] Microsoft Windows GDI Metafile SetPalette Entries Overflow
[20497] Microsoft Windows 98SE User32.dll Icon DoS
[20367] Microsoft Windows XP Fast User Switching Arbitrary Account Lockout
[20366] Microsoft Windows XP Remote Desktop Client Cleartext Account Name Transmission
[20364] Microsoft Windows keybd_event Validation Privilege Escalation
[20356] Microsoft Windows Win32k.sys ShowWindow Function Local DoS
[20279] Microsoft Windows ME ssdpsrv.exe Crafted SSDP Message DoS
[20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
[20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
[20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
[20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
[20188] Microsoft Windows Crafted SMB SMBnegprots Request DOS
[20148] Microsoft Windows smbmount Directory Manipulation Saturation DoS
[20028] Microsoft Windows XP SP2 TFTP Local Overflow
[20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
[20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
[20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
[19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
[19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
[19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
[19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
[19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
[19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
[19993] Microsoft Windows 2000 LDAPS CA Trust Issue
[19922] Microsoft Windows Client Service for NetWare (CSNW) Remote Overflow
[19904] Microsoft Windows DTC Packet Relay DoS
[19903] Microsoft Windows DTC Transaction Internet Protocol (TIP) DoS
[19902] Microsoft Windows COM+ Remote Code Execution
[19901] Microsoft Windows FTP Client Arbitrary File Write
[19900] Microsoft Windows Shell Crafted .lnk File Arbitrary Code Execution (2005-2122)
[19899] Microsoft Windows Shell Crafted .lnk File Arbitrary Code Execution (2005-2118)
[19898] Microsoft Windows Web View Arbitrary Script Injection
[19873] Microsoft Windows XP Wireless Zero Configuration Credential/Key Disclosure
[19857] Microsoft Windows SeDebugPrivilege NtSystemDebugControl Function Privilege Escalation
[19775] Microsoft Windows XP ISAKMP UDP Saturation DoS
[19764] Microsoft Windows XP Malformed explorer.exe.manifest Local DoS
[19287] Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness
[19187] Microsoft Windows NT/2000 DNS Server Non-delegated NS Glue Record Cache Poisoning
[19185] Microsoft Windows XP Internet Connection Firewall sessmgr.exe Accss Control Bypass
[19007] Microsoft Windows 95 smbclient Triple Dot Traversal Arbitrary Command Execution
[19006] Microsoft Windows NT snmp.exe Malformed OID Packet Saturation DoS
[18956] Microsoft Windows Registry Editor (Regedt32.exe) Long String Obfuscation
[18830] Microsoft Windows UMPNPMGR wsprintfW Remote Overflow
[18829] Microsoft Windows Open Type (EOT) Font Handling Remote Overflow
[18828] Microsoft Windows Distributed Transaction Coordinator (DTC) Memory Modification Remote Code Execution
[18824] Microsoft Windows Unspecified Remote Code Execution (EEYEB-20050627)
[18823] Microsoft Windows Kernel APC Queue Manipulation Local Privilege Escalation
[18821] Microsoft Windows Unspecified Remote Code Execution (EEYEB-20050505)
[18820] Microsoft Windows GDI EMF/WMF Metafile Processing Multiple Overflows
[18730] Microsoft Windows XP SP1 Raw IP Empty Datagram DoS
[18729] Microsoft Windows SNMP LAN Manager (LANMAN) MIB Extension GET/NEXT Request DoS
[18728] Microsoft Windows QueryIpMatching Weakness DNS Cache Poisoning
[18681] Microsoft Windows XP User Account Manager Hidden User
[18624] Microsoft Windows Remote Desktop Protocol (RDP) Crafted Packet Remote DoS
[18609] Microsoft Windows Kerberos PKINIT Domain Controller Spoofing
[18608] Microsoft Windows Kerberos Crafted Packet Remote DoS
[18607] Microsoft Windows Print Spooler Service Remote Overflow
[18606] Microsoft Windows Telephony Application Programming Interface (TAPI) Overflow
[18605] Microsoft Windows Plug-and-Play Service Remote Overflow
[18545] Microsoft Windows NT Cenroll ActiveX (xenroll.dll) File Creation Saturation DoS
[18493] Microsoft Windows USB Device Driver Overflow
[17885] Microsoft Windows Network Connections Service netman.dll Remote DoS
[17860] Microsoft Windows NULL Session MSRPC Interface Remote eventlog Disclosure
[17859] Microsoft Windows NULL Session svcctl MSRPC Interface SCM Service Enumeration
[17830] Microsoft Windows Color Management Module ICC Profile Format Tag Remote Overflow
[17434] Microsoft Windows ASN.1 BERDecBitString Function Overflow
[17309] Microsoft Windows Web Client Request Processing Remote Code Execution
[17308] Microsoft Windows Server Message Block (SMB) Remote Code Execution
[17305] Microsoft Windows HTML Help (CHM) File Overflow
[17304] Microsoft Windows Interactive Training .cbo File User Field Overflow
[17131] Microsoft Windows Remote Desktop Protocol (RDP) Private Key Disclosure
[16494] Microsoft Windows Media Player WMDRM License Acquisition Page Redirection
[16430] Microsoft Windows Animated Cursor (ANI) Capability AnimationHeaderBlock Length Field Overflow
[15981] Microsoft Windows XP helpctr.exe Crafted URL Command Execution
[15739] Microsoft Windows Malformed Image Rendering DoS
[15707] Microsoft Windows Explorer Web View Arbitrary Script Insertion
[15469] Microsoft Windows MSHTA Shell Application Association Arbitrary Remote Script Execution
[15463] Microsoft Windows IP Validation Failure Remote Code Execution
[15462] Microsoft Windows CSRSS Local Overflow
[15461] Microsoft Windows Object Management Malformed Request DoS
[15460] Microsoft Windows Kernel Access Request Local Privilege Escalation
[15459] Microsoft Windows Font Processing Local Privilege Escalation
[15458] Microsoft Windows Message Queuing Remote Overflow
[15379] Microsoft Windows ActiveDirectory LDAP Authentication Bypass
[15363] Microsoft Windows Explorer.exe Malformed .wmf Processing DoS
[15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
[15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
[15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
[15339] Microsoft Windows Server Atmf.dll Adobe Font Unloading DoS
[15338] Microsoft Windows Server 2003 Terminal Session Close DoS
[15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
[15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
[15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
[15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
[15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
[15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
[15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
[15215] Microsoft Windows SMTP E-mail Malformed Time Stamp DoS
[15171] Microsoft Windows XP Search Function Arbitrary XML Injection
[15075] Microsoft Windows wab32.dll Malformed .wab File DoS
[15011] Microsoft Windows Remote Desktop TSShutdn.exe Unauthenticated Shutdown DoS
[14862] Microsoft Windows GDI32.DLL GetEnhMetaFilePaletteEntries() API EMF File DoS
[14741] Microsoft Windows XP CommCtl32.dll Shatter Code Execution
[14578] Microsoft Windows Malformed TCP SYN Loopback Packet Remote DoS (land)
[14475] Microsoft Windows Script Engine for Jscript JsArrayFunctionHeapSort Overflow
[14399] Microsoft Windows Media Player .wmf Detection Auto-Run Weakness
[14182] Microsoft Windows Drive Restriction Group Policy Bypass
[14118] Microsoft Windows Malformed ARP Packet Saturation DoS
[13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
[13987] Microsoft Windows XP Help Center helpctr.exe Long hcp: URL Overflow
[13959] Microsoft Windows Universal Plug and Play (UPnP) Malformed Request DoS
[13609] Microsoft Windows Hyperlink Object Library Overflow
[13602] Microsoft Windows OLE Input Validation Overflow
[13601] Microsoft Windows COM Structured Storage Privilege Escalation
[13600] Microsoft Windows SMB Transaction Data Overflow
[13599] Microsoft Windows License Logging Service Overflow
[13597] Microsoft Windows Media Player PNG File Overflow
[13596] Microsoft Windows XP Named Pipe Username Disclosure
[13595] Microsoft Windows Sharepoint Services HTML Redirection XSS
[13577] Microsoft Windows NetBIOS Remote Host Information Disclosure
[13481] Microsoft Windows NT OffloadModExpo CryptographyOffload Registry Key Permission Weakness
[13480] Microsoft Windows NT MTS Package Administration Registry Key Permission Weakness
[13477] Microsoft Windows Java Applet UDP Socket Exhaustion DoS
[13476] Microsoft Windows Media Player asx Parser Multiple Tag Overflow
[13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
[13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
[13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
[13440] Microsoft Windows XP Hot Keys Screen Lock Bypass
[13438] Microsoft Windows CONVERT.EXE FAT32 File Permission Conversion Failure
[13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
[13435] Microsoft Windows XP Port 445 Malformed SYN Packet DoS
[13434] Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
[13424] Microsoft Windows 2000 Current Password Change Policy Bypass
[13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
[13422] Microsoft Windows PPTP Service Malformed Control Data Overflow
[13421] Microsoft Windows XP RDP Malformed PDU Confirm Active Packet DoS
[13420] Microsoft Windows NTFS Hard Link Audit Bypass
[13419] Microsoft Windows Media Player Active Playlist Arbitrary HTML Script Execution
[13416] Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (shatter)
[13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
[13414] Microsoft Windows RPC Endpoint Manager Malformed Packet Remote DoS
[13413] Microsoft Windows XP Windows Shell Function .mp3/.wma Custom Attribute Overflow
[13411] Microsoft Windows XP Redirector Function Long Parameter Overflow
[13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
[13409] Microsoft Windows XP EXPLORER.EXE desktop.ini .ShellClassInfo Parameter Overflow
[13408] Microsoft Windows SHELL32.DLL ShellExecute API Function Overflow
[13389] Microsoft Windows DirectX QUARTZ.DLL Multiple Field .mid File Overflows
[13330] Microsoft Windows HKLM Registry Key Locking DoS
[13020] Microsoft Windows XP RPC Cache Memory Leak
[12842] Microsoft Windows Cursor and Icon Validation Code Execution
[12840] Microsoft Windows HTML Help Related Topics Arbitrary Command Execution
[12832] Microsoft Windows Indexing Service Query Overflow
[12655] Microsoft Windows Active Directory LSASS.EXE DoS
[12625] Microsoft Windows winhlp32.exe Overflow
[12624] Microsoft Windows Kernel ANI File Parsing DoS
[12623] Microsoft Windows LoadImage API Overflow
[12511] Microsoft Windows Media Player ActiveX Control setItemInfo() / getItemInfo() Arbitrary WMA File Manipulation
[12510] Microsoft Windows Media Player ActiveX Control getItemInfoByAtom() Function File Information Disclosure
[12507] Microsoft Windows XP SP2 Popup Blocker Bypass
[12482] Microsoft Windows XP Dial-Up Access Firewall Disable
[12378] Microsoft Windows WINS Association Context Validation Remote Code Execution
[12377] Microsoft Windows NT DHCP Message Length Remote Overflow
[12376] Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation
[12374] Microsoft Windows HyperTerminal Session File Remote Overflow
[12372] Microsoft Windows Kernel Application Launch Local Privilege Escalation
[12371] Microsoft Windows NT Malformed DHCP Packet Remote Overflow DoS
[12370] Microsoft Windows WINS Computer Name Validation Remote Code Execution
[12123] Microsoft Windows ipconfig.exe Overflow
[12001] Microsoft Windows XP SP2 File Download Warning Bypass
[12000] Microsoft Windows XP SP2 Unspecified Local Zone Access
[11999] Microsoft Windows XP SP2 Unspecified Remote File Access
[11936] Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS
[11917] Microsoft Windows XP SP2 Spoofed Content-Location Warning Bypass
[11801] Microsoft Windows Small Buffer Length SMB Packet Overflow
[11799] Microsoft Windows SMB Signing Group Policy Modification
[11797] Microsoft Windows DCOM RPCSS Service DCERPC Packet Overflow
[11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
[11479] Microsoft Windows NT Double Dot Samba Client DoS
[11478] Microsoft Windows NT Malformed SMB Logon Request DoS
[11477] Microsoft Windows NT LSASS.EXE Access Violation DoS
[11476] Microsoft Windows NT DebugActiveProcess Function Privilege Escalation
[11475] Microsoft Windows NT NtOpenProcessToken Permission Failure
[11474] Microsoft Windows NT CSRSS Thread Exhaustion DoS
[11473] Microsoft Windows NT Messenger Service Long Username DoS
[11472] Microsoft Windows NT DNS Server Malformed Response DoS
[11471] Microsoft Windows NT DNS Server Character Saturation DoS
[11470] Microsoft Windows NT Help File Utility Overflow
[11469] Microsoft Windows NT Malformed File Image Header DoS
[11468] Microsoft Windows NT IOCTL Function DoS
[11463] Microsoft Windows Authenticode ActiveX Install Failure Remote Code Execution
[11462] Microsoft Windows HSC PCHealth System HCP URL Query Overflow
[11461] Microsoft Windows Workstation Service WKSSVC.DLL Logging Function Remote Overflow
[11460] Microsoft Windows RPC DCOM Interface epmapper Pipe Hijack Local Privilege Escalation
[11453] Microsoft Windows 98 Malformed oshare Packet DoS
[11265] Microsoft Windows NT Malformed RPC Packet Error Message Loop DoS (snork)
[11264] Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS
[11259] Microsoft Windows NT Domain User Login System Policy Download Failure
[11162] Microsoft Windows 95 .pwl File Weak Password Encryption
[11161] Microsoft Windows 95 NetWare Remote Administration Hidden File Share
[11159] Microsoft Windows NT Invalid RPC Named Pipe Saturation DoS
[11158] Microsoft Windows NT Malformed Token Ring DoS
[11156] Microsoft Windows NT tcpip.sys Malformed ICMP Request DoS
[11096] Microsoft Windows ntconfig.pol Write Failure Access Restriction Bypass
[11095] Microsoft Windows NT Ntconfig.pol Long Server Name Access Restriction Bypass
[11094] Microsoft Windows NT User Mode Application Handle Closing DoS
[11053] Microsoft Windows XP Explorer WAV Parsing DoS
[11011] Microsoft Windows NT Netbt.sys Malformed DNS Response DoS
[10999] Microsoft Windows Troubleshooter ActiveX Control Tshoot.ocx Arbitrary Code Execution
[10997] Microsoft Windows Media Player ActiveX Control Unauthorized Media Library Manipulation
[10975] Microsoft Windows NT Winpopup Long Username DoS
[10938] Microsoft Windows User32.dll ComboBox CB_DIR Message Local Overflow
[10937] Microsoft Windows User32.dll ListBox LB_DIR Message Local Overflow
[10936] Microsoft Windows Messenger Service Message Length Remote Overflow
[10908] Microsoft Windows XP SP2 ZIP Wizard ZoneID Tracking Failure
[10854] Microsoft Windows XP Zip Manager zipfldr.dll Overflow DoS
[10699] Microsoft Windows Program Group Converter Arbitrary Code Execution
[10698] Microsoft Windows Shell Application Start Arbitrary Code Execution
[10697] Microsoft Windows/Exchange NNTP Component Remote Overflow
[10696] Microsoft Windows/Exchange SMTP DNS Lookup Overflow
[10695] Microsoft Windows Compressed Folders DUNZIP32.DLL File Handling Overflow
[10693] Microsoft Windows Unspecified Kernel Local DoS
[10692] Microsoft Windows Metafile Image Format Arbitrary Code Execution
[10691] Microsoft Windows Virtual DOS Machine Subsystem Local Privilege Escalation
[10690] Microsoft Windows Management APIs Local Privilege Escalation
[10689] Microsoft Windows NetDDE Remote Overflow
[10688] Microsoft Windows WebDAV XML Message Handler Malformed Request DoS
[10686] Microsoft Windows NT RPC Library Arbitrary Memory Manipulation
[10648] Microsoft Windows NT Default SNMP Registry Key Permission Weakness Local Privilege Escalation
[10647] Microsoft Windows CIFS Browser Protocol Arbitrary NetBIOS Cache Entry Modification
[10634] Microsoft Windows 95/98 Spoofed ARP Packet Cache Manipulation
[10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
[10618] Microsoft Windows NT autorun.inf Arbitrary Command Execution
[10616] Microsoft Windows NT Fragmented IP Packet Firewall Restriction Bypass
[10615] Microsoft Windows NT linux smbmount Request DoS
[10614] Microsoft Windows NT %systemroot% Path Inclusion
[10609] Microsoft Windows WINS Malformed Packet Consumption DoS
[10608] Microsoft Windows TCP/IP Last Sequence Forced RST DoS
[10607] Microsoft Windows ICMP Redirect Spoofing DoS
[10606] Microsoft Windows LSA NULL Policy Handle DoS
[10604] Microsoft Windows NT PATH Working Directory Inclusion
[10456] Microsoft Windows IPv6 Packet Fragmentation Handling DoS
[10247] Microsoft Windows SMTP Service NTLM Null Session Mail Relay
[10230] Microsoft Windows XP SP2 File/Print Share Restriction Bypass
[9722] Microsoft Windows NT System Critical Registry Key Contain Bad Value
[9579] Microsoft Windows NT GetThreadContext/SetThreadContext Kernel Mode Address DoS
[9530] Microsoft Windows CRL File Digital Signature Verification Failure
[9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
[9359] Microsoft Windows Page File pagefile.sys Information Disclosure
[9358] Microsoft Windows NT Event Log Inappropriate Permissions
[9356] Microsoft Windows NT HKEY_CLASSES_ROOT Key Inappropriate System-Critical Permissions
[9355] Microsoft Windows NT HKEY_LOCAL_MACHINE Key Inappropriate System-Critical Permissions
[9349] Microsoft Windows NT Systems User Audit Policy Logging Weakness
[9348] Microsoft Windows NT Non-NTFS File System Insecure
[9152] Microsoft Windows XP SP2 Zone Identifier Object Value Warning Failure
[9141] Microsoft Windows File Icon Spoofing
[9140] Microsoft Windows XP Content-Location Local Computer Zone Bypass
[9012] Microsoft Windows XP Internet Connection Firewall Bypass
[8368] Microsoft Windows XP/2003 Login Screen Consumption DoS
[8334] Microsoft Windows NT \?? Object Folder Symlink Privilege Escalation
[8161] Microsoft Windows NT Invalid User Privileges
[8160] Microsoft Windows NT File/Directory Invalid Permissions
[8112] Microsoft Windows NT Weak Account Password Policy
[8051] Microsoft Windows Networking Software Long Filename Handling Arbitrary Command Execution
[7904] Microsoft Windows Media Player ActiveX File Existence Disclosure
[7891] Microsoft Windows IE window.moveBy Function Pointer Hijack (HijackClickV2)
[7855] Microsoft IE on Windows ME Javascript Cookie Set Bypass
[7804] Microsoft Windows HTML Help Arbitrary Code Execution
[7803] Microsoft Windows showHelp Arbitrary Code Execution
[7800] Microsoft Windows POSIX Subsystem Privilege Escalation
[7798] Microsoft Windows Task Scheduler Remote Overflow
[7777] Microsoft Windows Media Control Preview Script Execution
[7738] Microsoft Windows Media Player Skins File Arbitrary Command Execution
[7576] Microsoft Windows NT RSHSVC .Rhosts Unauthorized Access
[7182] Microsoft Windows Media Unicast Service Severed Connection Memory Leak DoS
[7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
[7178] Microsoft Windows Media Player WMP ActiveX Control Javascript Command Execution
[7117] Microsoft Windows RPC Locator Remote Overflow
[6790] Microsoft Windows NT AEDebug Registry Key Weak Permissions
[6515] Microsoft Windows 2000 Domain Expired Account Authentication
[6221] Microsoft Windows XP desktop.ini CLSID Arbitrary Command Execution
[6074] Microsoft Windows Me HSC hcp:// URL XSS
[6053] Microsoft Windows Help and Support Center HCP URL Code Execution
[5968] Microsoft Windows ARP Packet DoS
[5966] Microsoft Windows NT SMB Traversal Arbitrary File Access
[5858] Microsoft Windows NT Rshsvc.exe Arbitrary Command Execution
[5687] Microsoft Windows IE and Explorer Share Name Overflow
[5686] Microsoft Windows Telnet Service Account Information Disclosure
[5558] Microsoft Windows Media Player Advanced Streaming Format Overflow
[5313] Microsoft Windows Media Device Manager Invalid Local Storage Device Privilege Escalation
[5312] Microsoft Windows Media Player .wma IE Cache Arbitrary Code Execution
[5261] Microsoft Windows ASN.1 Double Free Code Execution
[5260] Microsoft Windows SSL Library Malformed Message Remote DoS
[5259] Microsoft Windows Negotiate SSP Code Execution
[5258] Microsoft Windows Virtual DOS Machine Privilege Escalation
[5257] Microsoft Windows Local Descriptor Table Privilege Escalation
[5256] Microsoft Windows Unspecified H.323 Code Execution
[5255] Microsoft Windows Management Privilege Escalation
[5254] Microsoft Windows Utility Manager Privilege Escalation
[5253] Microsoft Windows Help and Support Center Command Execution
[5252] Microsoft Windows Metafile Code Execution
[5251] Microsoft Windows Winlogon Command Execution
[5250] Microsoft Windows SSL Library Private Communications Transport (PCT) Remote Overflow
[5249] Microsoft Windows LDAP Crafted Request Remote DoS
[5248] Microsoft Windows LSASS Remote Overflow
[5247] Microsoft Windows DCOM RPC Object Identity Information Disclosure
[5246] Microsoft Windows CIS/RPC Over HTTP DoS
[5245] Microsoft Windows RPCSS Large Length Field DoS
[5179] Microsoft Windows 2000 microsoft-ds DoS
[4877] Microsoft Windows Terminal Services Kerberos Double Authorization Data Entry
[4467] Microsoft Windows WebDav ntdll.dll Remote Overflow
[4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
[3903] Microsoft Windows WINS Server Remote Overflow
[3902] Microsoft Windows ASN.1 Library Integer Overflow
[3711] Microsoft Windows XP Malicious Folder Automatic Code Execution
[3111] Microsoft IE Windows Scripting Host (WSH) GetObject Javascript Function Arbitrary File Access
[3106] Microsoft Windows Password Authentication Security Point of Failure
[3067] Microsoft Windows Media Player ASF File Arbitrary Code Execution
[2960] Microsoft Windows Messenger Service Social Engineering Weakness
[2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
[2692] Microsoft Windows Design Tools MDT2DD.DLL COM Object Memory Corruption Command Execution
[2678] Microsoft Windows Overflow in ListBox and
[2677] Microsoft Windows Arbitrary ActiveX Control Installation
[2675] Microsoft Windows HCP protocol Overflow
[2670] Microsoft Windows RPC Race Condition DoS
[2657] Microsoft Windows Message Queuing Service Heap Overflow
[2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
[2642] Microsoft Windows Unauthorised Thread Termination
[2571] Microsoft Windows TCP Packet URG Value Information Disclosure
[2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
[2535] Microsoft Windows DCOM RPCSS Service Filename Parameter Overflow
[2507] Microsoft Windows NetBIOS Random Memory Content Disclosure
[2328] Microsoft Windows NT 4.0 with IBM JVM DoS
[2262] Microsoft Windows Media Player DHTML Local Zone Access
[2247] Microsoft Windows Media Services Remote Command Execution #2
[2244] Microsoft Windows 2000 ShellExecute() API Let
[2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
[2100] Microsoft Windows RPC DCOM Interface Overflow
[2074] Microsoft Windows Server Message Block (SMB) Protocol SMB_COM_TRANSACTION Packet Remote Overflow DoS
[2073] Microsoft Windows XP Network Share Provider Overflow
[2072] Microsoft Windows Network Connection Manager Privilege Elevation
[2051] Microsoft Windows User Shell Buffer Overflow
[2037] Microsoft Windows Trusted Domain SID Remote Privilege Escalation
[1990] Microsoft Windows Terminal Services False IP Address
[1975] Microsoft Windows Terminal Server Service RDP Remote DoS
[1928] Microsoft Windows NNTP Malformed Post DoS
[1915] Microsoft Windows Media Player .NSC File Overflow
[1912] Microsoft Windows Terminal Server Malformed RDP DoS
[1861] Microsoft Windows Telnet Local System Call DoS
[1860] Microsoft Windows Telnet Service Handle Leak DoS
[1859] Microsoft Windows Telnet Multiple Sessions DoS
[1858] Microsoft Windows Telnet Service Logon Backspace DoS
[1840] Microsoft Windows Media Player Internet Shortcut Execution
[1764] Microsoft Windows 2000 Domain Controller DoS
[1758] Microsoft Windows 2000 Network DDE Escalated Privileges
[1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
[1735] Microsoft Windows NT SNMP WINS Database Deletion Remote DoS
[1725] Microsoft Windows Media Player .WMZ Arbitrary Java Applet Execution
[1672] Microsoft Windows 2000 Telnet Session Timeout DoS
[1658] Microsoft Windows Media Player .ASX File Handling Overflow
[1656] Microsoft Windows Media Player .WMS Arbitrary Script Execution
[1639] Microsoft Windows NT Terminal Server RegAPI.DLL Username Overflow
[1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
[1621] Microsoft Indexing Services for Windows 2000 .htw XSS
[1607] Microsoft Windows 9x Invalid Driver Type DoS
[1599] Microsoft Windows 9x / Me IPX NMPI Packet DoS
[1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
[1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
[1571] Microsoft Windows Media Player Malformed Embedded OCX Control DoS
[1563] Microsoft Windows / Office DLL Search Path Weakness
[1546] Microsoft Windows Media Unicast Service Malformed Request DoS
[1491] Microsoft Windows 9x IPX Ping Packet DoS
[1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
[1399] Microsoft Windows 2000 Windows Station Access
[1358] Microsoft Windows NT HostAnnouncement DoS
[1308] Microsoft Windows NetBIOS NULL Source Name DoS
[1297] Microsoft Windows 2000 Active Directory Object Attribute
[1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
[1268] Microsoft Windows TCP/IP Printing Service DoS
[1257] Microsoft Windows Media License Manager DoS
[1251] Microsoft Windows MS DOS Device Name DoS
[1226] Microsoft Windows Media Server Malformed Handshake Sequence DoS
[1214] Microsoft Windows NT Recycle Bin Deleted File Access
[1199] Microsoft Windows NT NtImpersonateClientOfPort LPC Privilege Escalation
[1166] Microsoft Windows NT LsaLookupSids() DoS
[1161] Microsoft Windows Help System File Manipulation Local Privilege Escalation
[1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
[1135] Microsoft Windows NT Print Spooler Service (spoolss.exe) AddPrintProvider() Function Alternate Print Provider Arbitrary Command Execution
[1134] Microsoft Windows NT Print Spooler Malformed Request Overflow
[1095] Microsoft Windows NT RPC Locator (RPCSS.EXE) CPU Utilization DoS
[1076] Microsoft Windows IP Source Routing
[1075] Microsoft Windows NT RASMAN Path Subversion Privilege Escalation
[1046] Microsoft Windows telnet.exe Argument Overflow
[1022] Microsoft Windows Invalid IGMP Header Handling Remote DoS
[1013] Microsoft Windows NT Screensaver Context Local Privilege Escalation
[1010] Microsoft Windows NT Malformed LSA Request DoS
[967] Microsoft Windows NT WINS Service Malformed Data DoS
[945] Microsoft Windows 95/98 SMB Authentication Replay
[943] Microsoft Windows NT SP4 Null NT Hash Value Share Access
[931] Microsoft Windows NT GINA Arbitrary Clipboard Content Disclosure
[868] Microsoft Windows Compressed Folders ZIP Decompression Arbitrary File Write
[867] Microsoft Windows Compiled HTML Help (.chm) Arbitrary Command Execution
[864] Microsoft Windows Certificate Enrollment ActiveX Arbitrary Certificate Deletion
[858] Microsoft Windows NCM Handler Local Privilege Elevation
[837] Microsoft Windows RAS Phonebook dial-up String Overflow
[788] Microsoft Windows smss.exe Handle Duplication Local Privilege Escalation
[773] Microsoft Windows 2000 Group Policy File Lock DoS
[772] Microsoft Windows Multiple UNC Provider Request Overflow
[736] Microsoft Windows SMB Enumeration Information Disclosure
[732] Microsoft Windows SMTP Service Malformed BDAT Request Remote DoS
[715] Microsoft Windows NT LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
[714] Microsoft Windows NT LsaQueryInformationPolicy() Function SID User Account Disclosure
[697] Microsoft Windows Universal Plug and Play NOTIFY DoS
[692] Microsoft Windows Universal Plug and Play NOTIFY Overflow
[673] Microsoft Windows NT RPC Endpoint Mapper Malformed Request DoS
[665] Microsoft Windows 95 Online Registration Information Disclosure
[608] Microsoft Windows IrDa Driver Malformed Packet Remote Overflow DoS
[581] Microsoft Windows SMTP Incorrect Credentials Authentication Bypass
[572] Microsoft Windows NT NTLMSSP Crafted LPC Request Local Privilege Escalation
[515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
[511] Microsoft Windows Malformed PPTP Packet Stream Remote DoS
[499] Microsoft Windows NT Winsock2ProtocolCatalogMutex Mutex Local DoS
[466] Microsoft Windows NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation
[454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
[445] Microsoft Windows LAN Manager SNMP LanMan Information Disclosure
[424] Microsoft Windows NT Malformed LPC Request Remote DoS
[423] Microsoft Windows File Share Password Protection Bypass
[418] Microsoft Windows telnet.exe NTLM Authentication Information Disclosure
[408] Microsoft Windows Malformed DCE/RPC SMBwriteX Request DoS
[403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
[398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
[385] Microsoft Windows Shell Executable (Explorer.exe) Registry Relative Path Privilege Escalation
[336] Microsoft Windows CIFS Computer Browser ResetBrowser Frame DoS
[335] Microsoft Windows Fragmented IP Packet Saturation DoS (jolt2)
[334] Microsoft Windows Registry: Permission to Modify Common Paths
[332] Microsoft Windows Registry Key Permission Weakness Admin Privilege Escalation
[331] Microsoft Windows Remote Registry Access
[316] Microsoft Windows NT Remote Registry Server WinLogon.exe Malformed Request Local DoS
[304] Microsoft Windows NT service pack level via remote registry access
[303] Microsoft Windows NetBIOS Null Session Remote Registry Access
[300] Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
[299] Microsoft Windows NetBIOS Shares Access Control Weakness
[297] Microsoft Windows Installation ADMIN$ Share Arbitrary Access
[218] Microsoft Windows Multiple TCP/IP Stack Malformed Ping DoS
[129] Microsoft Windows NT FTP 'guest' Account
[96192] Microsoft IE EUC-JP Character Encoding XSS
[96191] Microsoft IE Process Integrity Level Assignment Bypass
[96190] Microsoft IE Unspecified Memory Corruption (2013-3199)
[96189] Microsoft IE Unspecified Memory Corruption (2013-3194)
[96188] Microsoft IE Unspecified Memory Corruption (2013-3193)
[96187] Microsoft IE Unspecified Memory Corruption (2013-3191)
[96186] Microsoft IE Unspecified Memory Corruption (2013-3190)
[96185] Microsoft IE Unspecified Memory Corruption (2013-3189)
[96184] Microsoft IE Unspecified Memory Corruption (2013-3188)
[96183] Microsoft IE Unspecified Memory Corruption (2013-3187)
[96182] Microsoft IE Unspecified Memory Corruption (2013-3184)
[96181] Microsoft Active Directory Federation Services (AD FS) Open Endpoint Unspecified Account Information Disclosure
[96127] National Instruments LabWindows/CVI Help Subsystem ActiveX Unspecified Issue
[95886] OpenAFS for Windows afslogon.dll krb5_context Creation Failure Memory Exhaustion Remote DoS
[95826] Microsoft IE jscript9.dll Recycler::ProcessMark Function Garbage Collection Object Address Information Disclosure Weakness
[95687] Microsoft IE Enhanced / Protected Mode Elevation Policy Check Bypass
[95617] Microsoft IE 9 Status Bar Spoofing Weakness
[95569] Microsoft DirectShow Runtime quartz.dll CWAVEStream::GetMaxSampleSize() Function Multiple Sound File Handling Divide-by-Zero DoS Weakness
[95377] Novell GroupWise on Windows Email Message Body Arbitrary Code Execution Weakness
[95029] Google Chrome for Windows GL Texture Screen Information Disclosure
[94984] Microsoft IE Shift JIS Character Encoding XSS
[94983] Microsoft IE Unspecified Memory Corruption (2013-3115)
[94982] Microsoft IE Unspecified Memory Corruption (2013-3164)
[94981] Microsoft IE Unspecified Memory Corruption Arbitrary Code Execution (2013-3163)
[94980] Microsoft IE Unspecified Memory Corruption (2013-3162)
[94979] Microsoft IE Unspecified Memory Corruption (2013-3161)
[94978] Microsoft IE Unspecified Memory Corruption (2013-3153)
[94977] Microsoft IE Unspecified Memory Corruption (2013-3152)
[94976] Microsoft IE Unspecified Memory Corruption (2013-3151)
[94975] Microsoft IE Unspecified Memory Corruption (2013-3150)
[94974] Microsoft IE Unspecified Memory Corruption (2013-3146)
[94973] Microsoft IE Unspecified Memory Corruption (2013-3149)
[94972] Microsoft IE Unspecified Memory Corruption (2013-3148)
[94971] Microsoft IE Unspecified Memory Corruption (2013-3147)
[94969] Microsoft IE Unspecified Memory Corruption (2013-3145)
[94968] Microsoft IE Unspecified Memory Corruption (2013-3144)
[94967] Microsoft IE Unspecified Memory Corruption (2013-3143)
[94960] Microsoft Multiple Product TrueType Font (TTF) File Handling Arbitrary Code Execution
[94959] Microsoft .NET Framework / Silverlight Multidimensional Arrays Small Structure Handling Arbitrary Code Execution
[94958] Microsoft Silverlight NULL Pointer Handling Arbitrary Code Execution
[94957] Microsoft .NET Framework Delegate Object Serialization Permission Validation Privilege Escalation
[94956] Microsoft .NET Framework Small Structure Array Allocation Remote Code Execution
[94955] Microsoft .NET Framework Anonymous Method Injection Reflection Objection Permission Validation Privilege Escalation
[94954] Microsoft .NET Framework Delegate Reflection Bypass Reflection Objection Permission Validation Privilege Escalation
[94507] Microsoft IE Infinite Loop DoS
[94330] Microsoft Outlook S/MIME EmailAddress Attribute Mismatch Weakness
[94154] IBM Informix Dynamic Server on Windows Crafted SQLIDEBUG Handling Remote DoS
[94127] Microsoft Office PNG File Handling Buffer Overflow
[94123] Microsoft IE Webpage Script Debugging Memory Corruption
[94122] Microsoft IE Unspecified Memory Corruption (2013-3142)
[94121] Microsoft IE Unspecified Memory Corruption (2013-3141)
[94120] Microsoft IE Unspecified Memory Corruption (2013-3139)
[94119] Microsoft IE Unspecified Memory Corruption (2013-3125)
[94118] Microsoft IE Unspecified Memory Corruption (2013-3124)
[94117] Microsoft IE Unspecified Memory Corruption (2013-3123)
[94116] Microsoft IE Unspecified Memory Corruption (2013-3122)
[94115] Microsoft IE Unspecified Memory Corruption (2013-3121)
[94114] Microsoft IE Unspecified Memory Corruption (2013-3120)
[94113] Microsoft IE Unspecified Memory Corruption (2013-3119)
[94112] Microsoft IE Unspecified Memory Corruption (2013-3118)
[94111] Microsoft IE Unspecified Memory Corruption (2013-3117)
[94110] Microsoft IE Unspecified Memory Corruption (2013-3116)
[94109] Microsoft IE Unspecified Memory Corruption (2013-3114)
[94108] Microsoft IE Unspecified Memory Corruption (2013-3113)
[94107] Microsoft IE Unspecified Memory Corruption (2013-3112)
[94106] Microsoft IE Unspecified Memory Corruption (2013-3111)
[94105] Microsoft IE Unspecified Memory Corruption (2013-3110)
[94094] Splunk for Windows Universal Forwarder Path Subversion Local Privilege Escalation
[93840] Google Chrome for Windows GetFileHandleForProcess Function ipc_platform_file.cc Handle Value Validation Issue
[93723] Novell Client for Windows nwfs.sys 0x1439EB IOCTL Handling Local Integer Overflow
[93718] Novell Client for Windows nicm.sys 0x143B6B IOTCL Request Handling Local Privilege Escalation
[93425] Mozilla Multiple Product Mozilla Maintenance Service for Windows Local Privilege Escalation
[93396] Microsoft Malware Protection Engine Crafted File Scan Handling Memory Corruption
[93316] Microsoft Visio File Handling External Entity (XXE) Data Parsing Arbitrary File Access
[93315] Microsoft Office Word DOC File Shape Data Handling Arbitrary Code Execution
[93314] Microsoft Office Publisher PUB File Handling Buffer Underflow
[93313] Microsoft Office Publisher PUB File Pointer Handling Arbitrary Code Execution
[93312] Microsoft Office Publisher PUB File Signed Integer Handling Arbitrary Code Execution
[93311] Microsoft Office Publisher PUB File Incorrect NULL Value Handling Arbitrary Code Execution
[93310] Microsoft Office Publisher PUB File Invalid Range Check Handling Arbitrary Code Execution
[93309] Microsoft Office Publisher PUB File Return Value Validation Arbitrary Code Execution
[93308] Microsoft Office Publisher PUB File Handling Buffer Overflow
[93307] Microsoft Office Publisher PUB File Return Value Handling Arbitrary Code Execution
[93306] Microsoft Office Publisher PUB File Corrupt Interface Pointer Handling Arbitrary Code Execution
[93305] Microsoft Office Publisher PUB File Handling Integer Overflow
[93304] Microsoft Office Publisher PUB File Negative Value Allocation Handling Arbitrary Code Execution
[93303] Microsoft Lync Unspecified Use-after-free Arbitrary Code Execution
[93302] Microsoft .NET Framework WCF Endpoint Authentication Unspecified Policy Requirement Weakness Authentication Bypass
[93301] Microsoft .NET Framework XML File Signature Validation Spoofing Weakness
[93298] Microsoft IE CMarkup Object Handling Use-after-free Arbitrary Code Execution
[93297] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1312)
[93296] Microsoft IE textNode Style Computation Use-after-free Arbitrary Code Execution
[93295] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1310)
[93294] Microsoft IE CDispNode Use-after-free Arbitrary Code Execution
[93293] Microsoft IE TransNavContext Object Handling Use-after-free Arbitrary Code Execution
[93292] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1307)
[93291] Microsoft IE Anchor Element Handling Use-after-free Arbitrary Code Execution
[93290] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-0811)
[93289] Microsoft IE Unspecified JSON Data File Information Disclosure
[93081] Microsoft Security Essentials UninstallString Unquoted Search Path Local Privilege Escalation Weakness
[93075] Forbes Magazine Microsoft Office 365 T-Mobile Router Admin Interface Default Password
[93005] Microsoft IE MSXML XMLDOM Object Local File Enumeration
[92993] Microsoft IE CGenericElement Object Handling Use-after-free Arbitrary Code Execution
[92985] DotNetNuke Modal Windows XSS
[92931] Microsoft System Center Operations Manager Web Console /InternalPages/ViewTypeManager.aspx Multiple Parameter XSS
[92913] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1338)
[92771] HP OpenView Operations / VantagePoint for Windows Remote Managed Node Unauthorized Command Execution
[92487] Sleipnir on Windows SSL Indicators Unspecified Spoofing Weakness
[92284] Microsoft IE localStorage Method History Manipulation Disk Consumption DoS
[92257] Microsoft IE CSS Import Handling Remote DoS
[92129] Microsoft Office HTML Sanitization Component Unspecified XSS
[92128] Microsoft Antimalware Client Improper Pathname Handling Local Privilege Escalation Weakness
[92123] Microsoft SharePoint Server SharePoint Lists Access Control Handling Unspecified Information Disclosure
[92121] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1304)
[92120] Microsoft IE Unspecified Use-after-free Arbitrary Code Execution (2013-1303)
[92015] Windows SNMP Default Community Write Permission Remote Device Manipulation
[91822] Juniper IVE OS Secure Access (SA) Windows Secure Application Manager Uninstall Link XSS
[91199] FFmpeg libavcodec msrledec.c msrle_decode_8_16_24_32 Function Microsoft RLE Data Processing DoS
[91198] Microsoft IE Broker Process Variant Object Handling Sandbox Bypass Arbitrary Code Execution
[91197] Microsoft IE vml.dll Vector Graphic Property Handling Integer Overflow
[91196] Microsoft IE Broker Pop-up Window Handling Protected Mode Bypass (pwn2own)
[91179] Schneider Electric CD Kerwin on Windows Unauthenticated Synoptic Access
[91177] Schneider Electric CD Kerwin on Windows Synoptics Information Disclosure
[91154] Microsoft Office for Mac HTML5 Email Message Unspecified Content Tag Loading Information Disclosure
[91153] Microsoft OneNote Buffer Size Validation ONE File Handling Information Disclosure
[91152] Microsoft SharePoint Unspecified Remote Buffer Overflow DoS
[91151] Microsoft SharePoint Unspecified Traversal Privilege Escalation
[91150] Microsoft SharePoint Unspecified XSS
[91149] Microsoft SharePoint Callback Function Unspecified URL Handling Privilege Escalation
[91148] Microsoft Visio Viewer Unspecified Tree Object Type Confusion Visio File Handling Arbitrary Code Execution
[91147] Microsoft Silverlight Application Handling Unspecified Double Dereference Arbitrary Code Execution
[91146] Microsoft IE CTreeNode Unspecified Use-after-free Arbitrary Code Execution
[91145] Microsoft IE removeChild CHtmlComponentProperty Object Handling Use-after-free Arbitrary Code Execution
[91144] Microsoft IE onBeforeCopy execCommand selectAll Event Handling Use-after-free Arbitrary Code Execution
[91143] Microsoft IE GetMarkupPtr execCommand Print Event Handling Use-after-free Arbitrary Code Execution
[91142] Microsoft IE CElement Unspecified Use-after-free Arbitrary Code Execution
[91141] Microsoft IE CCaret Unspecified Use-after-free Arbitrary Code Execution
[91140] Microsoft IE CMarkupBehaviorContext Object Handling Use-after-free Arbitrary Code Execution
[91139] Microsoft IE saveHistory Onload Event Handler Event Handling Use-after-free Arbitrary Code Execution
[91138] Microsoft IE OnResize / OnMove CElement::EnsureRecalcNotify() Function Use-after-free Arbitrary Code Execution
[91066] IBM WebSphere Application Server (WAS) on Windows was.policy File Permission Handling Weakness
[90933] Microsoft IE Arbitrary HTM File Execution
[90932] Citrix Metaframe for Windows Malformed Java Applet Handling Remote DoS
[90743] RSA Authentication Agent for Windows Quick PIN Unlock Passcode Bypass
[90127] Microsoft IE Vector Markup Language (VML) Buffer Allocation Memory Corruption
[90126] Microsoft IE CHTML CSelectionManager Object Handling Use-after-free Arbitrary Code Execution
[90125] Microsoft IE CObjectElement Object Handling Use-after-free Arbitrary Code Execution
[90124] Microsoft IE CPasteCommand Use-after-free Arbitrary Code Execution
[90123] Microsoft IE InsertElement Use-after-free Arbitrary Code Execution
[90122] Microsoft IE SLayoutRun Use-after-free Arbitrary Code Execution
[90121] Microsoft IE pasteHTML TextRange Object Handling Use-after-free Arbitrary Code Execution
[90120] Microsoft IE CDispNode SVG Object Handling Use-after-free Arbitrary Code Execution
[90119] Microsoft IE LsGetTrailInfo Use-after-free Arbitrary Code Execution
[90118] Microsoft IE vtable Use-after-free Arbitrary Code Execution
[90117] Microsoft IE CMarkup / CData Object Handling Use-after-free Arbitrary Code Execution
[90116] Microsoft IE COmWindowProxy Use-after-free Arbitrary Code Execution
[90115] Microsoft IE SetCapture Method Handling Use-after-free Arbitrary Code Execution
[90114] Microsoft IE Shift JIS Character Encoding Information Disclosure
[89619] Microsoft IE Proxy Server TCP Session Re-use Cross-user Information Disclosure Weakness
[89618] Microsoft IE HTTP / Secure Request Handling Spoofing Weakness
[89593] Embedthis Appweb on Windows src/mpr/mprLib.c mprUrlEncode Function Heap-based Overflow
[89553] Microsoft IE SRC Attribute UNC Share Pathname Handling Arbitrary File Information Disclosure
[89478] Cisco VPN Client for Windows VPN Driver Malformed Application Handling Local DoS
[89303] Scribus on Windows Python Scripter Unspecified Issue
[89164] Microsoft Lync User-Agent Header Handling Remote Arbitrary Command Execution
[89086] Google Chrome for Windows IPC NUL Termination Weakness
[89080] Google Chrome for Windows Shared Memory Allocation Handling Integer Overflow
[89037] Sybase Adaptive Server Enterprise for Windows Unspecified DoS
[89035] Sybase Adaptive Server Enterprise for Windows Unspecified Installation Log File Information Disclosure
[88968] Microsoft .NET Framework Replace() Function Open Data Protocol (OData) HTTP Request Parsing Remote DoS
[88965] Microsoft .NET Framework Double Construction Privilege Escalation
[88964] Microsoft .NET Framework System.DirectoryServices.Protocols.SortRequestControl.GetValue() Method this.keys.Length Parameter Heap Buffer Overflow
[88962] Microsoft .NET Framework System Drawing Memory Pointer Handling CAS Bypass Information Disclosure
[88961] Microsoft System Center Operations Manager Web Console /InternalPages/ExecuteTask.aspx __CALLBACKPARAM Parameter XSS
[88960] Microsoft System Center Operations Manager Web Console Unspecified XSS (2013-0009)
[88959] Microsoft XML Core Services Integer Truncation XML Handling Memory Corruption
[88958] Microsoft XML Core Services Unspecified XSLT Handling Memory Corruption
[88914] Eye-Fi Helper for Windows Image .tar Handling Traversal Arbitrary File Write Remote Privilege Escalation
[88837] Microsoft Office Excel Memory Corruption DoS
[88811] Microsoft Visio VSD File Parsing Memory Corruption
[88774] Microsoft IE CDwnBindInfo Object Handling Use-after-free Arbitrary Code Execution
[88650] Novell NetIQ eDirectory on Windows dhost Malformed HTTP Request Handling Remote DoS
[88642] Trend Micro InterScan VirusWall for Windows interscan.dll Unauthenticated Configuration Manipulation
[88638] Jetty on Windows Mixed Case WEB-INF Request Security Bypass
[88548] gnome-screensaver gs-manager.c show_windows() Function System Resume Screen Content Disclosure
[88539] Microsoft IE mshtml.dll Unclosed Tags Sequence Handling Overflow Arbitrary Code Execution
[88357] Microsoft IE fireEvent() Method Mouse / Keyboard Activity Disclosure
[88319] Microsoft IE InjectHTMLStream Object Handling Use-after-free Arbitrary Code Execution
[88318] Microsoft IE CMarkup Object Handling Use-after-free Arbitrary Code Execution
[88317] Microsoft IE Object Ref Counting Use-after-free Arbitrary Code Execution
[88315] Microsoft Office Word RTF listoverridecount Element Handling Remote Code Execution
[88314] Microsoft Exchange Server RSS Feed Handling Unspecified Remote DoS
[88311] Microsoft IP-HTTPS Component Revoked Certificate Restriction Bypass
[88170] Microsoft IE Malformed Location Header 30x Redirect Handling DoS
[87881] WibuKey Runtime for Windows WkWin32.dll Module DisplayMessageDialog() Method String Parsing Overflow
[87819] Microsoft Office OneNote File Handling Memory Corruption
[87666] Diebold AccuVote-TSX / GEMS SSL Certificate Windows Registry Plaintext Local Password Disclosure
[87555] Adobe ColdFusion for Microsoft IIS Unspecified DoS
[87506] Tor Relay Descriptor Windows Capabilities Remote Disclosure
[87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
[87273] Microsoft Office Excel XLS File Handling Overflow
[87272] Microsoft Office Excel XLS File Invalid Length SST Handling Use-after-free Arbitrary Code Execution
[87271] Microsoft Office Excel XLS File Handling Memory Corruption
[87270] Microsoft Office Excel SerAuxErrBar XLS File Handling Overflow
[87267] Microsoft .NET Framework WPF Reflection Optimization Object Permission Handling Arbitrary Code Execution
[87266] Microsoft .NET Framework Web Proxy Setting Auto-Discovery (WPAD) Handling Remote Code Execution
[87265] Microsoft .NET Framework Path Subversion Arbitrary DLL Injection Code Execution
[87264] Microsoft .NET Framework Partially Trusted Code Function Handling Information Disclosure
[87263] Microsoft .NET Framework Reflection Object Permission Handling Arbitrary Code Execution
[87262] Microsoft IIS FTP Command Injection Information Disclosure
[87261] Microsoft IIS Log File Permission Weakness Local Password Disclosure
[87258] Microsoft IE CTreePos Deleted Object Handling Use-after-free Arbitrary Code Execution
[87257] Microsoft IE CFormElement Deleted Object Handling Use-after-free Arbitrary Code Execution
[87256] Microsoft IE CTreeNode Deleted Object Handling Use-after-free Arbitrary Code Execution
[87255] Microsoft Office Excel XLS File Handling Memory Corruption
[87058] Sophos Anti-Virus for Windows Buffer Overflow Protection System (BOPS) sophos_detoured_x64.dll ASLR Bypass
[86929] Microsoft MN-700 Hardcoded SSL Private Key SSL Traffic Decryption Weakness
[86924] X Windows (X11R6) Malformed Font Size Handling DoS
[86913] Microsoft IE Recursive JavaScript Event Handling DoS
[86906] Microsoft Multiple Products VBScript ActiveX Word Object Handling DoS
[86899] Microsoft IIS 302 Redirect Message Internal IP Address Remote Disclosure
[86898] Microsoft IE Crafted IMG Tag Saturation Remote DoS
[86897] Oracle on Windows TNSLSNR80.EXE Malformed Input Parsing Remote DoS
[86896] Microsoft IE MSScriptControl.ScriptControl GetObject Arbitrary File Access
[86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
[86776] Microsoft IE 9 File NULL Byte Handling XSS Filter Bypass
[86767] Microsoft Office Publisher Read Access Violation PUB File Handling Memory Corruption
[86733] Microsoft Office Picture Manager GIF Image File Handling Memory Corruption
[86732] Microsoft Office DOC File Handling Stack Overflow
[86623] Microsoft Office Excel / Excel Viewer (Xlview.exe) XLS File Handling Arbitrary Code Execution
[86622] Microsoft SQL Server Local Authentication Bypass
[86515] Mozilla Firefox nsFilePicker Windows Recent Documents Privacy Mode Bypass
[86512] Mozilla Firefox on Windows 7 Jump Bar Limited Browsing History Disclosure
[86179] ActiveTcl on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86178] Python on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86177] ActivePerl on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86176] ActivePython on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86174] Zend Server on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86173] RubyInstaller on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86172] PHP on Windows Path Subversion Arbitrary DLL Injection Code Execution
[86158] EMC NetWorker Module for Microsoft Applications (NMM) Communication Channel Crafted Message Parsing Remote Code Execution
[86157] EMC NetWorker Module for Microsoft Applications (NMM) MS Exchange Server Upgrade / Installation Cleartext Admin Credential Local Information Disclosure
[86059] Microsoft Multiple Product HTML String Sanitization XSS Weakness
[86057] Microsoft SQL Server Report Manager Unspecified XSS
[86056] Microsoft Works Unspecified DOC File Handling Memory Corruption
[86055] Microsoft Multiple Product RTF File listid Handling Use-after-free Remote Code Execution
[86054] Microsoft Office Word File PAPX Section Handling Memory Corruption
[85835] Oracle on Windows bb.sqljsp Traversal Arbitrary File Access
[85834] Oracle on Windows a.jsp Traversal Arbitrary File Access
[85833] Microsoft Outlook Concealed Attachment Weakness
[85832] Microsoft Virtual Machine Custom Java Codebase Arbitrary Command Execution
[85830] Microsoft IE index.dat OBJECT DATA Tag File Injection Arbitrary Command Execution
[85826] Microsoft IE mstask.exe Malformed Packet Handling CPU Consumption Remote DoS
[85727] RSA Authentication Agent / Client Windows Credentials Usage Local Authentication Bypass
[85574] Microsoft IE cloneNode Element Use-after-free Memory Corruption
[85573] Microsoft IE CTreeNode Object ISpanQualifier Instance Type Confusion Use-after-free Memory Corruption
[85572] Microsoft IE Event Listener Unspecified Use-after-free Memory Corruption
[85571] Microsoft IE OnMove Unspecified Use-after-free Memory Corruption
[85532] Microsoft IE CMshtmlEd::Exec() Function Use-after-free Remote Code Execution
[85316] Microsoft System Center Configuration Manager ReportChart.asp URI XSS
[85315] Microsoft Visual Studio Team Foundation Server Unspecified XSS
[84912] Microsoft MS-CHAP V2 Virtual Private Network (VPN) MitM Password Disclosure
[84896] Skype on Windows Malformed File Transfer Remote Memory Corruption DoS
[84606] Microsoft Visio DXF File Handling Overflow
[84605] Microsoft Office Computer Graphics Metafile (CGM) File Handling Memory Corruption
[84597] Microsoft IE JavaScript Parsing Memory Object Size Calculation Memory Corruption
[84596] Microsoft IE NULL Object Handling Use-after-free Arbitrary Code Execution
[84595] Microsoft IE Layout Handling Deleted Object Handling Memory Corruption
[84594] Microsoft IE Deleted Virtual Function Table Handling Arbitrary Code Execution
[84553] Microsoft Help &
[84433] Citrix Access Gateway Plugin for Windows ActiveX (nsepa.exe) StartEPA() Method Multiple HTTP Response Header Parsing Remote Overflow
[84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
[84224] Sybase Adaptive Server Enterprise for Windows Java Unspecified Arbitrary File Access
[83860] Microsoft IE XML Data Handling Arbitrary File Access
[83797] Microsoft IE on NT Hashed Password Remote Disclosure MiTM Weakness
[83771] Microsoft IIS Tilde Character Request Parsing File / Folder Name Information Disclosure
[83720] Microsoft .NET Framework Crafted Tilde (~) Request Resource Consumption Remote DoS
[83672] Microsoft IE NTLM Authentication Remote Information Disclosure
[83655] Microsoft Visual Basic for Applications Unspecified Path Subversion Arbitrary DLL Injection Code Execution
[83654] Microsoft Office for Mac Insecure Permissions Arbitrary File Creation Local Privilege Escalation
[83653] Microsoft IE Deleted Cached Object Handling Memory Corruption
[83652] Microsoft IE Attribute Removal Handling Memory Corruption
[83651] Microsoft SharePoint Reflected List Parameter Unspecified XSS
[83650] Microsoft SharePoint scriptresx.ashx Unspecified XSS
[83649] Microsoft SharePoint Arbitrary User Search Scope Manipulation
[83648] Microsoft SharePoint Unspecified Arbitrary Site Redirect
[83647] Microsoft SharePoint Username Unspecified XSS
[83567] Microsoft NT Advanced Server (NTAS) FTP Client Pipe Character Arbitrary Command Execution
[83545] Microsoft Outlook Web App owa/redir.aspx URL Parameter Arbitrary Site Redirect
[83454] Microsoft IIS ODBC Tool ctguestb.idc Unauthenticated Remote DSN Initialization
[83439] Microsoft IE Long Unicode String Handling DoS
[83388] Microsoft JET Database Engine (MS Access) ODBC API Crafted VBA String Remote Command Execution
[83386] Microsoft IIS Non-existent IDC File Request Web Root Path Disclosure
[83251] Google Chrome for Windows metro_driver.dll Path Subversion Arbitrary DLL Injection Code Execution Weakness
[82873] Microsoft XML Core Services Uninitalized Memory Object Handling Remote Code Execution
[82872] Microsoft IE Scrolling Events Cross-domain Remote Information Disclosure
[82871] Microsoft IE OnRowsInserted Deleted Object Handling Memory Corruption
[82870] Microsoft IE insertRow Deleted Object Handling Memory Corruption
[82869] Microsoft IE insertAdjacentText Memory Location Accessing Memory Corruption
[82868] Microsoft IE OnBeforeDeactivate Event Deleted Object Handling Memory Corruption
[82867] Microsoft IE Title Element Change Deleted Object Handling Memory Corruption
[82866] Microsoft IE Col Element Deleted Object Handling Memory Corruption
[82865] Microsoft IE Same ID Property Deleted Object Handling Memory Corruption
[82864] Microsoft IE Developer Toolbar Deleted Object Handling Memory Corruption
[82863] Microsoft IE Null Byte Process Memory Remote Information Disclosure
[82862] Microsoft IE EUC-JP Character Encoding XSS
[82861] Microsoft IE HTML Sanitization String Handling Remote Information Disclosure
[82860] Microsoft IE Center Element Deleted Object Handling Memory Corruption
[82859] Microsoft .NET Framework Memory Access Function Pointer Handling Memory Corruption
[82853] Microsoft Dynamics AX Enterprise Portal Unspecified XSS
[82852] Microsoft Lync Unspecified Path Subversion Arbitrary DLL Injection Code Execution
[82848] Microsoft IIS $INDEX_ALLOCATION Data Stream Request Authentication Bypass
[82673] Mozilla Multiple Product Windows Shares HTML Page Loading Arbitrary File Access
[82565] Microsoft IE / Outlook OBJECT Handling Arbitrary File Access
[82564] Microsoft Word WebView Crafted Metadata Handling Arbitrary Script Execution
[82563] Microsoft Visual Studio WebViewFolderIcon ActiveX (MSCOMM32.OCX) Overflow
[82562] Microsoft IE Cross-Origin Window Forced Navigation Weakness
[82473] Microsoft WordPad DOC File Handling NULL Pointer Dereference DoS
[82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
[82405] Microsoft ASP.NET Session ID Generation Entropy Weakness
[81960] Google Chrome for Windows NPAPI Plugins Search Path Subversion Local Privilege Escalation
[81903] Microsoft Office X for Macintosh Registration Service Remote Overflow DoS
[81734] Microsoft .NET Framework Untrusted User Input Serialization Remote Code Execution
[81733] Microsoft .NET Framework Partially Trusted Assembly Object Serialization Remote Code Execution
[81732] Microsoft Office RTF Data Handling Memory Corruption
[81731] Microsoft Visio Viewer Attribute Validation Visio File Handling Memory Corruption
[81728] Microsoft Office Excel Excel File Handling Memory Corruption
[81727] Microsoft Office Excel OBJECTLINK Record Excel File Handling Memory Corruption
[81726] Microsoft Office Excel Modified Bytes Excel File Handling Memory Corruption
[81725] Microsoft Office Excel SLXI Record Excel File Handling Memory Corruption
[81724] Microsoft Office Excel Type Mismatch Series Record Excel File Handling Memory Corruption
[81723] Microsoft Office Excel MergeCells Record Excel File Handling Overflow
[81722] Microsoft .NET Framework Buffer Allocation XBAP / .NET Application Handling Remote Code Execution
[81721] Microsoft .NET Framework WPF Application Index Value Comparison Request Parsing Remote DoS
[81719] Microsoft Office GDI+ Library Embedded EMF Image Office Document Handling Overflow
[81718] Microsoft Silverlight Hebrew Unicode Engine XAML Glyph Rendering Double-free Remote Code Execution
[81624] IBM AppScan / Policy Tester Integrated Windows Authentication Service Account Hijacking
[81331] Microsoft Visual Studio Incremental Linker (link.exe) ConvertRgImgSymToRgImgSymEx Function COFF Symbol Table Executable Handling Remote Overflow
[81134] Microsoft Multiple Product Works Converter WPS File Handling Remote Overflow
[81133] Microsoft .NET Framework CRL (Common Language Runtime) Function Parameter Parsing Remote Code Execution
[81132] Microsoft Forefront Unified Access Gateway Default Website Configuration External Network Information Disclosure
[81131] Microsoft Forefront Unified Access Gateway UAG Server Arbitrary Site Redirect
[81130] Microsoft IE vgx.dll VML Style Deleted Object Handling Remote Memory Corruption
[81129] Microsoft IE SelectAll Deleted Object Handling Remote Memory Corruption
[81128] Microsoft IE onReadyStateChange Event Deleted Object Handling Remote Memory Corruption
[81127] Microsoft IE JScript9 Deleted Object Handling Remote Memory Corruption
[81126] Microsoft IE Print Feature HTML Page Printing Remote Code Execution
[81125] Microsoft Multiple Product MSCOMCTL.OCX Multiple Control Memory Corruption
[81112] Microsoft SQL Server RESTORE DATABASE Command SQL Injection
[80487] Microsoft Security Essentials Antimalware Engine Malformed CAB File Handling Scan Bypass
[80443] Microsoft Security Essentials Antimalware Engine Malformed RAR File Handling Scan Bypass
[80402] Microsoft Security Essentials Antimalware Engine Malformed TAR File Handling Scan Bypass
[80376] Sophos Anti-Virus Malformed Microsoft Office File Handling Scan Bypass
[80375] Comodo Antivirus Malformed Microsoft Office File Handling Scan Bypass
[80352] Bitcoin-Qt for Windows Malformed Bitcoin Protocol Message Handling Remote Code Execution
[80174] Microsoft IE Protected Mode Bypass Low Integrity Process Handling Memory Corruption DoS
[80173] Microsoft IE Unspecified Overflow
[80088] Apple Safari Internationalized for Windows Domain Name (IDN) Feature Homoglyph Parsing Domain Name Spoofing Weakness
[80006] Microsoft Visual Studio Add-In Loading Local Privilege Escalation
[80001] Microsoft Expression Design Path Subversion Arbitrary DLL Injection Code Execution
[79629] Diebold AccuVote-TS Memory Card explorer.glb BallotStation Boot Sequence Bypass Windows Access
[79551] Sun Java on Windows fontmanager.dll UIManager.getSystemLookAndFeelClassName Function Overflow
[79268] Microsoft IE Deleted Object VML Handling Remote Memory Corruption
[79267] Microsoft IE String Creation NULL Byte Handling Process Memory Information Disclosure
[79266] Microsoft IE Deleted Object HTML Layout Handling Remote Memory Corruption
[79265] Microsoft IE Copy and Paste Cross-domain Information Disclosure
[79264] Microsoft SharePoint wizardlist.aspx skey Parameter XSS
[79263] Microsoft SharePoint themeweb.aspx Unspecified XSS
[79262] Microsoft SharePoint inplview.aspx Unspecified XSS
[79261] Microsoft .NET Framework / Silverlight Buffer Length Calculation XAML Browser Application Handling Remote Memory Corruption
[79260] Microsoft .NET Framework / Silverlight Unmanaged Object XAML Browser Application Handling Remote Code Execution
[79258] Microsoft Visio Viewer Unspecified Visio File Handling Remote Memory Corruption (2012-0038)
[79257] Microsoft Visio Viewer Unspecified Visio File Handling Remote Memory Corruption (2012-0037)
[79256] Microsoft Visio Viewer Unspecified Visio File Handling Remote Memory Corruption (2012-0036)
[79255] Microsoft Visio Viewer Unspecified Visio File Handling Remote Memory Corruption (2012-0020)
[79254] Microsoft Visio Viewer Unspecified Visio File Handling Remote Memory Corruption (2012-0019)
[79192] Microsoft IE Javascript Dialog Origin Spoofing
[79186] Microsoft IE onunload Location Field Overwrite
[79173] Microsoft IE Image Control Title Attribute Status Bar Spoofing
[79164] Microsoft IE about:blank Location Bar Overlay Phishing Weakness
[79120] Microsoft Live Writer Path Subversion Arbitrary DLL Injection Code Execution
[79118] Microsoft RDP Client Path Subversion Arbitrary DLL Injection Code Execution
[79116] Microsoft Snapshot Viewer Path Subversion Arbitrary DLL Injection Code Execution
[79115] Microsoft MS Clip Book Viewer Path Subversion Arbitrary DLL Injection Code Execution
[79114] Microsoft Clip Organizer Path Subversion Arbitrary DLL Injection Code Execution
[79113] Microsoft Movie Maker Path Subversion Arbitrary DLL Injection Code Execution
[79112] Microsoft Virtual PC Path Subversion Arbitrary DLL Injection Code Execution
[79088] Windows Live Messenger (Hotmail) for iPhone Username Local Disclosure
[79041] Webmin Samba Windows File Sharing Module /tmp/.webmin Local Password Disclosure
[78738] Mozilla Multiple Products mImageBufferSize() Method image/vnd.microsoft.icon Image Encoding Information Disclosure
[78442] Oracle VM VirtualBox Windows Guest Additions Component Unspecified Local Issue
[78208] Microsoft AntiXSS Library Sanitization Module Escaped CSS Content Parsing XSS Weakness
[78057] Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
[78056] Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content Parsing Remote Code Execution
[78055] Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
[78054] Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary Site Redirect
[77675] Microsoft IE Content-Disposition Header Parsing Cross-Domain Remote Information Disclosure
[77674] Microsoft IE Path Subversion Arbitrary DLL Injection Code Execution
[77673] Microsoft IE XSS Filter Event Parsing Cross-Domain Remote Information Disclosure
[77672] Microsoft Office Publisher Unspecified Publisher File Handling Remote Memory Corruption
[77671] Microsoft Office Publisher Invalid Pointer Publisher File Handling Remote Memory Corruption
[77670] Microsoft Office Publisher Array Indexing Publisher File Handling Remote Memory Corruption
[77669] Microsoft Office Pinyin IME for Simplified Chinese Insecure Configuration Option Local Privilege Escalation
[77668] Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Execution
[77665] Microsoft Time ActiveX (DATIME.DLL) Unspecified IE Web Page Handling Remote Code Execution
[77664] Microsoft Office PowerPoint OfficeArt Shape Record PowerPoint File Handling Remote Memory Corruption
[77661] Microsoft Office Excel Record Parsing Object Handling Remote Memory Corruption
[77659] Microsoft Office Use-after-free Border Property Word Document Handling Remote Code Execution
[77606] Microsoft IE JavaScript Implementation getComputedStyle Method Page Handling Remote Information Disclosure
[77537] Microsoft IE Cache Objects IFRAME Handling Browsing History Disclosure
[77228] Microsoft Outlook Client Large Header Handling Message Body Content Injection
[76953] Mozilla Multiple Products Windows D2D Hardware Acceleration Same Origin Policy Bypass Remote Information Disclosure
[76460] Microsoft Office Publisher pubconv.dll PUB File Handling Overflow
[76406] MPlayer on Windows wrapped Allocation Function calloc() Multiple File Handling Remote Overflow
[76237] Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Remote DoS
[76236] Microsoft Forefront Unified Access Gateway MicrosoftClient.jar JAR File Code Execution
[76235] Microsoft Forefront Unified Access Gateway ExcelTables Response Splitting Unspecified XSS
[76234] Microsoft Forefront Unified Access Gateway Unspecified XSS
[76233] Microsoft Forefront Unified Access Gateway ExcelTables Unspecified XSS
[76224] Microsoft Host Integration Server Multiple Process Request Parsing Remote Memory Corruption DoS
[76223] Microsoft Host Integration Server Multiple Process Request Parsing Infinite Loop Remote DoS
[76214] Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page Handling Remote Code Execution
[76213] Microsoft IE Virtual Function Table Corruption mshtml.dll Extra Size Index Handling Remote Code Execution
[76212] Microsoft IE Use-after-free swapNode() Method Body Element Handling Remote Code Execution
[76211] Microsoft IE Select Element Handling Uninitialized Object Access Remote Memory Corruption
[76210] Microsoft IE Jscript9.dll Uninitialized Object Access Remote Memory Corruption
[76209] Microsoft IE Use-after-free OnLoad Event Handling Remote Code Execution
[76208] Microsoft IE Use-after-free Type-Safety Weakness Option Element Handling Remote Code Execution
[76207] Microsoft IE OLEAuto32.dll Uninitialized Object Access Remote Memory Corruption
[76206] Microsoft IE Use-after-free Scroll Event Handling Remote Code Execution
[76049] ServersCheck Monitoring windowsaccountsedit.html Multiple Parameter XSS
[75537] Google Chrome Windows Media Player Plugin Infobar Bypass
[75511] Microsoft HTML Help itss.dll CHM File Handling Overflow
[75471] Windows Media Player AVI File Handling Overflow DoS
[75394] Microsoft SharePoint Source Parameter Arbitrary Site Redirect
[75393] Microsoft SharePoint Unspecified URI XSS
[75391] Microsoft SharePoint Contact Details XSS
[75390] Microsoft SharePoint EditForm.aspx XSS
[75389] Microsoft SharePoint SharePoint Calendar URI XSS
[75387] Microsoft Office Excel Unspecified Signedness Error Excel File Handling Memory Corruption
[75386] Microsoft Office Excel Unspecified Conditional Expression Parsing Excel File Handling Memory Corruption
[75385] Microsoft Office Excel Unspecified Excel File Record Handling Memory Corruption
[75384] Microsoft Office Excel Unspecified Array-Indexing Weakness Excel File Handling Memory Corruption
[75383] Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel File Handling Remote Code Execution
[75381] Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Disclosure
[75380] Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Remote Code Execution
[75379] Microsoft Office MSO.dll Path Subversion Arbitrary DLL Injection Code Execution
[75345] Apple QuickTime on Windows Movie File mp4v Tag Image Description Memory Corruption
[75289] GTK+ modules/engines/ms-windows/xp_theme.c uxtheme.dll Path Subversion Arbitrary DLL Injection Code Execution
[75271] Microsoft SilverLight DataGrid Memory Leak Multiple Element Remote DoS
[75269] Microsoft Silverlight DependencyProperty Property Handling Remote DoS
[75250] Microsoft IE Unspecified Remote Code Execution
[75174] W-Agora on Windows search.php3 bn Parameter Traversal Local File Inclusion
[75172] W-Agora on Windows login.php3 bn Parameter Traversal Local File Inclusion
[75171] W-Agora on Windows for-print.php3 bn Parameter Traversal Local File Inclusion
[75030] Microsoft msxml.dll xsltGenerateIdFunction Heap Memory Address Disclosure Weakness
[74976] Joomla! Administrative Modal Windows XSS
[74827] Pidgin on Windows gtkutils.c file: URL Arbitrary Program Execution
[74689] PHP on Windows SPL Extension SplFileInfo::getType Function Symlink Arbitrary File Overwrite
[74525] Bugzilla on Windows Uploaded Attachment Temporary File Local Information Disclosure
[74500] Microsoft IE STYLE Object Parsing Memory Corruption
[74499] Microsoft IE SetViewSlave() Function XSLT Object Markup Reloading Memory Corruption
[74498] Microsoft IE Shift JIS Character Sequence Parsing Cross-domain Remote Information Disclosure
[74497] Microsoft IE Event Handler Cross-domain Remote Information Disclosure
[74496] Microsoft IE Protected Mode Bypass Arbitrary File Creation
[74495] Microsoft IE window.open() Function Race Condition Memory Corruption
[74494] Microsoft IE Crafted Link Telnet URI Handler Remote Program Execution
[74450] Microsoft IE HTTPS Session HTTP Set-Cookie Header HSTS includeSubDomains Weakness MiTM Arbitrary Cookie Overwrite
[74404] Microsoft .NET Framework System.Net.Sockets Code Access Security Bypass Information Disclosure
[74403] Microsoft .NET Framework Chart Control Special URI Character GET Request Parsing Remote Information Disclosure
[74398] Microsoft Visio Move Around the Block Visio File Handling Remote Code Execution
[74397] Microsoft Visio pStream Release Visio File Handling Remote Code Execution
[74396] Microsoft Report Viewer Control Unspecified XSS
[74207] IBM Tivoli Directory Server (TDS) on Windows cn=changelog Search Remote DoS
[74192] Citrix Access Gateway Plugin for Windows NSEPA.NsepaCtrl.1 ActiveX (nsepa.ocx) Certificate Subject DLL Validation MiTM Remote Code Execution
[74191] Citrix Access Gateway Plugin for Windows NSEPA.NsepaCtrl.1 ActiveX (nsepa.ocx) Crafted HTTP Header Remote Overflow
[74052] Microsoft IE EUC-JP Encoding Unspecified XSS
[73977] ArcSight Connector Appliance Windows Event Log SmartConnector Exported Report Files Permissions Weakness Local Log Data Modification
[73897] Oracle VM VirtualBox Guest Additions for Windows XPDM Display Driver Local Overflow
[73835] Opera Pop-up Windows Text Node Selection DoS
[73773] WebKit Windows Functionality Same Origin Policy Bypass Arbitrary File Disclosure
[73670] Microsoft IE XSLT Heap Memory Address Information Disclosure
[73660] Microsoft Visio Path Subversion Arbitrary DLL Injection Code Execution
[73647] Google Chrome on Windows Unspecified Remote Code Execution
[73380] Microsoft Lync Web Components Server Reach/Client/WebPages/ReachJoin.aspx reachLocale Parameter XSS
[73372] Apple Mac OS X QuickLook Microsoft Office File Handling Memory Corruption
[73230] IBM Datacap Taskmaster Capture Cross-domain Username Windows Authentication Remote Bypass
[73100] Microsoft Word Insufficient Pointer Validation Memory Corruption
[72960] Microsoft SMB Client Response Handling Remote Code Execution
[72954] Microsoft IE Vector Markup Language (VML) Object Handling Memory Corruption
[72953] Microsoft IE MIME Sniffing Information Disclosure
[72952] Microsoft IE CDL Protocol 302 HTTP Redirect Memory Corruption
[72951] Microsoft IE selection.empty JavaScript Statement onclick Event Memory Corruption
[72950] Microsoft IE layout-grid-char Style Property Handling Memory Corruption
[72949] Microsoft IE Drag and Drop Information Disclosure
[72948] Microsoft IE Multiple JavaScript Modifications DOM Manipulation Memory Corruption
[72947] Microsoft IE Time Element Memory Corruption
[72946] Microsoft IE Drag and Drop Memory Corruption
[72944] Microsoft IE SafeHTML Function XSS
[72943] Microsoft IE vgx.dll imagedata VML Object DOM Modification Memory Corruption
[72942] Microsoft IE Link Properties Handling Memory Corruption
[72934] Microsoft XML Editor External Entities Resolution Unspecified Information Disclosure
[72933] Microsoft Forefront Threat Management Gateway (TMG) Firewall Client Winsock Provider Remote Code Execution
[72932] Microsoft .NET Framework JIT Object Validation Arbitrary Code Execution
[72931] Microsoft .NET Framework / Silverlight Array Offset Remote Code Execution
[72927] Microsoft Office Excel Out of Bounds WriteAV Unspecified Arbitrary Code Execution
[72926] Microsoft Office Excel WriteAV Unspecified Arbitrary Code Execution
[72925] Microsoft Office Excel File Handling Unspecified Memory Corruption
[72924] Microsoft Office Excel File Handling Unspecified Buffer Overflow
[72923] Microsoft Office Excel Unspecified Memory Heap Overwrite Arbitrary Code Execution
[72922] Microsoft Office Excel Out of Bounds Array Access Unspecified Arbitrary Code Execution
[72921] Microsoft Office Excel Improper Record Parsing Unspecified Arbitrary Code Execution
[72920] Microsoft Office Excel Insufficient Record Validation Unspecified Arbitrary Code Execution
[72916] Autonomy KeyView Windows Write File Processing Overflow
[72724] Microsoft IE Cookie Jacking Account Authentication Bypass
[72696] Microsoft Reader AOLL Chunk Array Overflow
[72695] Microsoft Reader ITLS Header Piece Handling Overflow
[72688] Microsoft IE CEnroll tar.setPendingRequestInfo Remote DoS
[72687] Microsoft Reader aud_file.dll Audible Audio File Handling Null Byte Memory Corruption
[72686] Microsoft Reader msreader.exe Integer Underflow LIT File Handling Overflow
[72685] Microsoft Reader msreader.exe LIT File Handling Overflow
[72680] Microsoft IE UTF-7 Local Redirection XSS
[72679] Microsoft IE Tags javascript:[jscodz] XSS
[72677] Microsoft IE Mime-Sniffing Content-Type Handling Weakness
[72674] Microsoft IE img Tag Cross-domain Cookie Disclosure
[72671] Microsoft Excel Spreadsheet Printing Memory Cleartext PIN Disclosure
[72236] Microsoft Office PowerPoint Presentation Parsing Unspecified Overflow
[72235] Microsoft Office PowerPoint File Handling Unspecified Memory Corruption
[72091] Mozilla Firefox for Windows WebGLES Library Missing ASLR Protection Weakness
[71929] HP Virtual Server Environment for Windows Unspecified Remote Privilege Escalation
[71856] Microsoft IIS Status Header Handling Remote Overflow
[71847] Wireshark on Windows epan/dissectors/packet-nfs.c NFS Dissector DoS
[71782] Microsoft .NET Framework x86 JIT Compiler XAML Browser Application (XBAP) Processing Stack Corruption
[71777] Microsoft IE Frame Tag Handling Information Disclosure
[71771] Microsoft Office PowerPoint TimeColorBehaviorContainer (Techno-color Time Bandit) Floating Point Processing Remote Code Execution
[71770] Microsoft Office PowerPoint PersistDirectoryEntry Processing Remote Code Execution
[71769] Microsoft Office PowerPoint OfficeArt Atom Parsing Remote Code Execution
[71767] Microsoft Office Path Subversion Arbitrary DLL Injection Code Execution
[71766] Microsoft Office Excel RealTimeData Record Parsing WriteAV Remote Code Execution
[71765] Microsoft Office Excel File Validation Record Handling Overflow
[71761] Microsoft Office Excel File Handling Memory Corruption
[71760] Microsoft Office Excel File Handling Unspecified Memory Corruption
[71759] Microsoft Office Excel External Record Parsing Signedness Overflow
[71758] Microsoft Office Excel Substream Parsing Integer Underflow
[71726] Microsoft IE JavaScript Unspecified Cross-domain Information Disclosure
[71725] Microsoft IE Object Management onPropertyManagement Processing Memory Corruption
[71724] Microsoft IE Layouts Handling Memory Corruption
[71670] Microsoft IE Pop-up Window Address Bar Spoofing Weakness
[71668] Microsoft Visual Studio CPFE.DLL Malformed Source File Handling DoS
[71665] Microsoft .NET Framework on XP KB982671 Persistent Firewall Disablement
[71596] QTweb for Windows CSS Handling DoS
[71595] Apple Safari on Windows CSS Handling DoS
[71594] Microsoft IE JavaScript Math.random Implementation Seed Reconstruction Weakness
[71400] Adobe Reader / Acrobat on Windows Unspecified Permissions Issue Privilege Escalation (2011-0564)
[71354] Nessus Client on Windows Path Subversion Arbitrary DLL Injection Code Execution
[71086] Microsoft Visual Studio MFC Applications Path Subversion Arbitrary DLL Injection Code Execution
[71017] Microsoft Malware Protection Engine (MMPE) Crafted Registry Key Local Privilege Escalation
[70904] Microsoft Office Excel OfficeArt Container Parsing Memory Corruption
[70857] Metasploit Framework on Windows Insecure Filesystem Permissions Local Privilege Escalation
[70850] Windows Azure SDK Web Role Session Cookies State Information Disclosure
[70833] Microsoft IE Insecure Library Loading Remote Code Execution
[70832] Microsoft IE mshtml.dll Dangling Pointer Memory Corruption Remote Code Execution
[70831] Microsoft IE Uninitialized Memory Corruption Remote Code Execution (2011-0035)
[70829] Microsoft Visio Unspecified Data Type Handling Memory Corruption Remote Code Execution
[70828] Microsoft Visio LZW Stream Decompression Exception Remote Code Execution
[70821] Microsoft OpenType Compact Font Format (CFF) Parsing Remote Code Execution
[70813] Microsoft Office PowerPoint OfficeArt Container Parsing Remote Code Execution
[70812] Microsoft Office Excel Invalid Object Type Handling Remote Code Execution
[70811] Microsoft Office Excel Axis Properties Record Parsing Overflow
[70810] Microsoft Office Excel Drawing File Format Shape Data Parsing Use-after-free Arbitrary Code Execution
[70726] Opera on Windows Downloads Manager Filesystem Viewing Application Pathname Verification Weakness Arbitrary Code Execution
[70622] HP Business Service Management on Windows Unspecified XSS
[70557] Oracle Database Server on Windows Cluster Verify Utility Named Pipe Arbitrary Local Command Execution
[70509] Oracle Sun Directory Server Enterprise Edition Identity Synchronization for Windows Unspecified Local Issue
[70444] Microsoft Data Access Components (MDAC / WDAC) MSADO Record CacheSize Handling Remote Code Execution
[70443] Microsoft Data Access Components (MDAC / WDAC) ODBC API (odbc32.dll) SQLConnectW Function DSN / szDSN Argument Handling Overflow
[70392] Microsoft IE DOM Implementation cross_fuzz GUI Display Weakness
[70391] Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Code Execution
[70167] Microsoft IIS FTP Server Telnet IAC Character Handling Overflow
[70142] ManageEngine globalSettings.do newWindows Parameter XSS
[70012] Opera on Windows Insecure Third Party Module Warning Message Implementation Weakness
[69942] Microsoft WMI Administrative Tools WEBSingleView.ocx ActiveX Remote Code Execution
[69830] Microsoft IE Cross-Domain Information Disclosure (2010-3348)
[69829] Microsoft IE HTML+Time Element outerText Memory Corruption
[69828] Microsoft IE Recursive Select Element Remote Code Execution
[69827] Microsoft IE Animation HTML Object Memory Corruption (2010-3343)
[69826] Microsoft IE Cross-Domain Information Disclosure (2010-3342)
[69825] Microsoft IE HTML Object Memory Corruption (2010-3340)
[69817] Microsoft SharePoint Office Document Load Balancer Crafted SOAP Request Remote Code Execution
[69815] Microsoft Office Publisher Array Indexing Memory Corruption
[69814] Microsoft Office Publisher Malformed PUB File Handling Memory Corruption
[69813] Microsoft Office Publisher pubconv.dll Array Indexing Memory Corruption
[69812] Microsoft Office Publisher pubconv.dll Unspecified Heap Overrun
[69811] Microsoft Office Publisher pubconv.dll Size Value Handling Heap Corruption
[69810] Microsoft Exchange Server store.exe Malformed MAPI Request Infinite Loop Remote DoS
[69809] Microsoft Office FlashPix Image Converter Tile Data Handling Heap Corruption
[69808] Microsoft Office FlashPix Image Converter Picture Set Processing Overflow
[69807] Microsoft Office Document Imaging Endian Conversion TIFF Image Handling Memory Corruption
[69806] Microsoft Office TIFF Image Converter Endian Conversion Buffer Overflow
[69805] Microsoft Office TIFF Import/Export Graphic Filter Converter Multiple Overflows
[69804] Microsoft Office PICT Image Converter Overflow
[69803] Microsoft Office CGM Image Converter Overflow
[69796] Microsoft IE CSS Parser mshtml.dll CSharedStyleSheet::Notify Function Use-after-free Remote Code Execution
[69771] Mozilla Multiple Products For Windows Line-breaking document.write Call Arbitrary Code Execution
[69753] Apple QuickTime on Windows Crafted Track Header Atom Overflow
[69752] Apple QuickTime on Windows Apple Computer Directory Permissions Weakness Local Information Disclosure
[69606] AWStats on Windows awstats.cgi configdir Parameter Crafted Share Config File Arbitrary Command Execution
[69311] Apple Mac OS X QuickLook Crafted Microsoft Office Document Handling Overflow
[69095] Microsoft Forefront Unified Access Gateway (UAG) Signurl.asp XSS
[69094] Microsoft Forefront Unified Access Gateway (UAG) Mobile Portal Website Unspecified XSS
[69093] Microsoft Forefront Unified Access Gateway (UAG) EOP Unspecified XSS
[69092] Microsoft Forefront Unified Access Gateway (UAG) Redirection Spoofing Weakness
[69091] Microsoft Office PowerPoint File Animation Node Parsing Underflow Heap Corruption
[69090] Microsoft Office PowerPoint 95 File Parsing Overflow
[69089] Microsoft Office Insecure Library Loading Remote Code Execution
[69088] Microsoft Office MSO Large SPID Read AV Remote Code Execution
[69087] Microsoft Office Drawing Exception Handling Remote Code Execution
[69086] Microsoft Office Art Drawing Record Parsing Remote Code Execution
[69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
[68987] Microsoft IE mshtml CSS Tag Use-after-free Memory Corruption
[68918] Windows Server 2008 Color Control Panel Path Subversion Arbitrary DLL Injection Code Execution
[68855] Microsoft IE window.onerror Error Handling URL Destination Information Disclosure
[68585] Microsoft Foundation Classes (MFC) Library Window Title Handling Remote Overflow
[68584] Microsoft Office Word Uninitialized Pointer Handling Remote Code Execution
[68583] Microsoft Office Word Unspecified Boundary Check Remote Code Execution
[68582] Microsoft Office Word Array Index Value Handling Unspecified Remote Code Execution
[68581] Microsoft Office Word File Unspecified Structure Handling Stack Overflow
[68580] Microsoft Office Word Return Value Handling Unspecified Remote Code Execution
[68579] Microsoft Office Word Bookmark Handling Invalid Pointer Remote Code Execution
[68578] Microsoft Office Word Pointer LFO Parsing Double-free Remote Code Execution
[68577] Microsoft Office Word Malformed Record Handling Remote Heap Overflow
[68576] Microsoft Office Word BKF Object Parsing Array Indexing Remote Code Execution
[68575] Microsoft Office Word File LVL Structure Parsing Remote Code Execution
[68574] Microsoft Office Word File Record Parsing Unspecified Memory Corruption
[68573] Microsoft Office Excel File Unspecified Record Parsing Remote Integer Overflow
[68572] Microsoft Office Excel Formula Record Parsing Memory Corruption (2010-3231)
[68571] Microsoft Office Excel File Format Parsing Remote Code Execution
[68570] Microsoft Office Excel Lotus 1-2-3 Workbook Parsing Remote Overflow
[68569] Microsoft Office Excel Formula Substream Record Parsing Memory Corruption
[68568] Microsoft Office Excel Formula Biff Record Parsing Remote Code Execution
[68567] Microsoft Office Excel Out Of Bounds Array Handling Remote Code Execution
[68566] Microsoft Office Excel Merge Cell Record Pointer Handling Remote Code Execution
[68565] Microsoft Office Excel Negative Future Function Parsing Remote Code Execution
[68564] Microsoft Office Excel PtgExtraArray Structure Parsing Remote Code Execution
[68563] Microsoft Office Excel RealTimeData Record Array Parsing Remote Code Execution
[68562] Microsoft Office Excel Out-of-Bounds Memory Write in Parsing Memory Corruption
[68561] Microsoft Office Excel Ghost Record Type Parsing Remote Code Execution
[68556] Microsoft .NET Framework x64 JIT Compiler Unprivileged Application Remote Code Execution
[68548] Microsoft IE / SharePoint Unspecified XSS
[68547] Microsoft IE CSS Special Character Processing Unspecified Information Disclosure
[68546] Microsoft IE Object Handling Unspecified Memory Corruption (2010-3326)
[68545] Microsoft IE Anchor Element Handling Unspecified Information Disclosure
[68544] Microsoft IE AutoComplete Functionality Unspecified Information Disclosure
[68543] Microsoft IE HtmlDlgHelper Class Object Handling Memory Corruption
[68542] Microsoft IE CSS imports() Cross-domain Information Disclosure
[68541] Microsoft IE mshtml.dll CAttrArray::PrivateFind Function Object Handling Memory Corruption
[68540] Microsoft IE mshtml.dll Object Handling Uninitialized Memory Corruption (2010-3331)
[68438] Microsoft XSS Filter Library Bypass
[68413] Adobe Reader / Acrobat on Windows Unspecified ActiveX Arbitrary Code Execution
[68362] Apple Safari on Windows Webkit.dll Malformed SGV Text Style Handling DoS
[68151] Microsoft Office Word MSO.dll Crafted Document Buffer NULL Dereference DoS
[68127] Microsoft ASP.NET ViewState Cryptographic Padding Remote Information Disclosure
[68123] Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS Protection Mechanism Bypass
[67984] Microsoft Multiple Products Unicode Scripts Processor (Usp10.dll) OpenType Font Processing Memory Corruption
[67982] Microsoft Outlook E-mail Content Parsing Remote Overflow
[67980] Microsoft IIS Unspecified Remote Directory Authentication Bypass
[67979] Microsoft IIS FastCGI Request Header Handling Remote Overflow
[67978] Microsoft IIS Repeated Parameter Request Unspecified Remote DoS
[67977] Microsoft Visual C++ Redistributable Path Subversion Arbitrary DLL Injection Code Execution
[67973] HP Data Protector Express on Windows dpwindtb.dll DtbClsLogin() Function Overflow
[67960] Apple Safari on Windows Path Subversion Arbitrary DLL Injection Code Execution
[67834] Microsoft IE Cross-Origin CSS Style Sheet Handling Information Disclosure
[67795] HP Operations Agent on Windows Unspecified Remote Code Execution
[67794] HP Operations Agent on Windows Unspecified Local Privilege Escalation
[67733] RealPlayer on Windows RealMedia IVR File Malformed Header Index Array Error Arbitrary Code Execution
[67730] RealPlayer on Windows Unspecified Access Restriction Remote Bypass
[67704] IBM DB2 Universal Database on Windows User / Group Enumeration DoS
[67602] Apple QuickTime on Windows Path Subversion Arbitrary DLL Injection Code Execution
[67598] Microsoft Office OneNote Path Subversion Arbitrary DLL Injection Code Execution
[67597] Microsoft Office Word Path Subversion Arbitrary DLL Injection Code Execution
[67596] Microsoft Office Excel Path Subversion Arbitrary DLL Injection Code Execution
[67595] Microsoft Office Access Path Subversion Arbitrary DLL Injection Code Execution
[67594] Microsoft Outlook Path Subversion Arbitrary DLL Injection Code Execution
[67547] Apple Safari on Windows Path Subversion Arbitrary DLL Injection Code Execution
[67546] Microsoft Visio Path Subversion Arbitrary DLL Injection Code Execution
[67503] Microsoft Outlook Express Path Subversion Arbitrary DLL Injection Code Execution
[67484] Microsoft Office Groove Path Subversion Arbitrary DLL Injection Code Execution
[67483] Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Execution
[67463] Microsoft IE location.replace Address Bar Spoofing
[67455] Google Chrome Windows Kernel Flaw Mitigation Weakness Unspecified Issue
[67365] Microsoft IE removeAttribute() Method Multiple HTML Element Handling NULL Pointer DoS
[67329] Apple iTunes for Windows Path Subversion Arbitrary DLL Injection Code Execution
[67258] Microsoft ClickOnce MITM Weakness
[67132] Microsoft IE Modal Application Prompt Rendering Unspecified DoS
[67131] Microsoft IE mshtml.dll Malformed CSS Handling DoS
[67121] Windows Mobile on HTC Unspecified Client-side Issue
[67119] Microsoft Outlook Web Access (OWA) Multiple Function CSRF
[67003] Microsoft IE HTML Layout Table Element Handling Memory Corruption
[67002] Microsoft IE Object Handling Unspecified Memory Corruption (2010-2559)
[67001] Microsoft IE CIframeElement Object Handling Race Condition Memory Corruption
[67000] Microsoft IE boundElements Property Handling Memory Corruption
[66999] Microsoft IE OnPropertyChange_Src() Function Malformed HTML/JS Data Handling Memory Corruption
[66998] Microsoft IE Event Handler Unspecified Cross-domain Information Disclosure
[66997] Microsoft Office Word DOC plcffldMom Parsing Memory Corruption
[66996] Microsoft Office Word RTF Document Object Control Word Drawing Overflow
[66995] Microsoft Office Word RTF Document Control Word Parsing Memory Corruption
[66994] Microsoft Office Word Malformed Record Parsing Unspecified Remote Code Execution
[66993] Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote Code Execution
[66992] Microsoft Silverlight Pointer Handling Unspecified Memory Corruption
[66991] Microsoft Office Excel PivotTable Cache Data Record Handling Overflow
[66973] Microsoft XML Core Services Msxml2.XMLHTTP.3.0 ActiveX HTTP Response Handling Memory Corruption
[66752] Google Chrome Windows Kernel Flaw Mitigation Weakness Unspecified Issue
[66458] Microsoft DirectX DirectPlay Unspecified NULL Dereference Remote DoS
[66457] Microsoft DirectX DirectPlay Unspecified Packet Handling Remote DoS
[66381] HP Insight Orchestration for Windows Unspecified Remote Data Modification
[66337] Oracle Database Server on Windows Net Foundation Layer Component Unspecified DoS (2010-0903)
[66334] Oracle Database Server on Windows Network Layer Component Unspecified Remote Issue (2010-0900)
[66296] Microsoft Outlook SMB Attachment Handling Arbitrary Program Execution
[66295] Microsoft IE / Office FieldList ActiveX (ACCWIZ.dll) Remote Code Execution
[66294] Microsoft Office Access AccWizObjects ActiveX Remote Code Execution
[66263] HP Virtual Connect Enterprise Manager for Windows Unspecified XSS
[66219] Microsoft Help Files (.CHM) Locked File Functionality Bypass
[66160] Microsoft IIS Basic Authentication NTFS Stream Name Permissions Bypass
[66040] Ruby on Windows ARGF.inplace_mode Variable Local Overflow
[65794] Microsoft IE Cross-domain IFRAME Gadget Focus Change Restriction Weakness Keystroke Disclosure
[65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
[65503] Microsoft IE CImWebObj ActiveX Local Overflow DoS
[65502] Microsoft IE Unspecified DoS
[65487] NovaBACKUP Network / NovaNet on Windows Unspecified Remote Arbitrary Code Execution
[65441] Microsoft .NET ASP.NET Form Control __VIEWSTATE Parameter XSS
[65343] Microsoft IE ICMFilter Arbitrary UNC File Access
[65294] nginx on Windows Encoded Space Request Remote Source Disclosure
[65242] CA ARCserve Backup on Windows Unspecified Local Information Disclosure
[65239] Microsoft Office Excel String Variable Handling Unspecified Code Execution
[65238] Microsoft Office Excel Malformed RTD Handling Memory Corruption
[65237] Microsoft Office Excel Malformed RTD Record Handling Memory Corruption
[65236] Microsoft Office Excel Malformed OBJ Record Handling Overflow
[65235] Microsoft Office Excel Malformed HFPicture Handling Memory Corruption
[65234] Microsoft Office Excel on Mac OS X Open XML Permission Weakness
[65233] Microsoft Office Excel Unspecified Memory Corruption (2010-0823)
[65232] Microsoft Office Excel Malformed ExternName Record Handling Memory Corruption
[65231] Microsoft Office Excel Malformed WOPT Record Handling Memory Corruption
[65230] Microsoft Office Excel EDG / Publisher Record Handling Memory Corruption
[65229] Microsoft Office Excel SxView Record Handling Memory Corruption
[65228] Microsoft Office Excel ADO Object DBQueryExt Record Handling Arbitrary Code Execution
[65227] Microsoft Office Excel SXVIEW Record Parsing Memory Corruption
[65226] Microsoft Office Excel Unspecified Record Handling Stack Corruption Arbitrary Code Execution
[65220] Microsoft SharePoint Crafted Request Help Page Invocation Remote DoS
[65218] Microsoft IE 8 Developer Tools ActiveX Remote Code Execution
[65216] Microsoft IIS Extended Protection for Authentication Memory Corruption
[65215] Microsoft IE Uninitialized Object Handling Memory Corruption (2010-1259)
[65214] Microsoft IE Uninitialized Object Handling Memory Corruption (2010-1261)
[65213] Microsoft IE HTML Element Handling Memory Corruption
[65212] Microsoft IE CStyleSheet Object Handling Memory Corruption
[65211] Microsoft IE / Sharepoint toStaticHTML Information Disclosure
[65150] Microsoft ASP.NET HtmlContainerControl InnerHtml Property Setting Weakness XSS
[65110] Microsoft IE Invalid news / nntp URI IFRAME Element Handling Remote DoS
[65024] Microsoft Access Backslash Escaped Input SQL Injection Protection Bypass
[65013] Microsoft .NET ASP.NET EnableViewStateMac Property Default Configuration XSS
[64980] Microsoft Outlook Web Access (OWA) URI id Parameter Information Disclosure
[64978] HTC Windows Mobile SMS Preview PopUp SMS Message XSS
[64952] Microsoft IE img Tag Hijacking Weakness
[64944] Microsoft Dynamics GP Default System Password
[64848] Microsoft Dynamics GP System Password Field Substitution Cipher Weakness
[64828] Microsoft IE history go ActiveX Overflow DoS
[64824] Microsoft IE Address Bar Character Conversion Spoofing Weakness
[64794] Microsoft Multiple Products smtpsvc.dll DNS Implementation Predictable Transaction ID MitM DNS Response Spoofing Weakness
[64793] Microsoft Multiple Products smtpsvc.dll DNS Implementation ID Transaction Validation MiTM DNS Response Spoofing Weakness
[64791] Mozilla Firefox on Windows JavaScript P Element xul.dll gfxWindowsFontGroup::MakeTextRun Function DoS
[64790] Mozilla Firefox on Windows JavaScript P Element String Handling DoS
[64789] Mozilla Firefox on Windows JavaScript String Concatenation Substring Operation NULL Dereference DoS
[64786] Microsoft IE mailto: URL Multiple IFRAME Element Handling DoS
[64702] Apple Safari on Windows HTTP Authorization: Basic Header Logging Cross-domain Information Disclosure
[64666] Microsoft IE Invisible Hand Extension HTTP Request Logging Cookie Product Search Disclosure
[64615] HP Insight Control Server Migration for Windows Unspecified XSS
[64539] Microsoft Office OCX ActiveX Controls OpenWebFile() Arbitrary Program Execution
[64533] Microsoft IE document.createElement NULL Dereference DoS
[64531] Microsoft Outlook Web Access (OWA) Path Traversal Attachment Handling Weakness
[64529] Microsoft Visual Basic for Applications VBE6.dll Single-Byte Stack Overwrite
[64446] Microsoft Office Visio VISIODWG.DLL Crafted DXF File Handling Overflow
[64387] Apple Safari on Windows data.length Handling Local DoS
[64384] OpenOffice.org (OOo) on Windows slk File Parsing NULL Pointer DoS
[64170] Microsoft SharePoint Server _layouts/help.aspx cid0 Parameter XSS
[64083] Microsoft IE XSS Filter Script Tag Filtering Weakness
[63931] HP Operations Manager on Windows SourceView ActiveX (srcvw32.dll / srcvw4.dll) LoadFile() Method Remote Overflow
[63766] Adobe Reader on Windows PDF Document Embedded EXE File Arbitrary Code Execution
[63748] Microsoft Office Publisher 97 File Conversion TextBox Processing Overflow
[63742] Microsoft Office Visio Unspecified Index Calculation Memory Corruption
[63741] Microsoft Office Visio Unspecified Attribute Validation Memory Corruption
[63653] DWG Windows FTP Server Multiple Command Login Restriction Bypass
[63522] Microsoft Virtual PC / Server Hypervisor Virtual Machine Monitor Memory Management Implementation Memory Location Protection Mechanism Restriction Bypass
[63473] Microsoft IE XML Document Image Element SRC Attribute Unspecified Issue
[63470] Microsoft IE Unspecified Arbitrary Code Execution (PWN2OWN)
[63469] Microsoft IE DLL File Base Address Discovery Overflow (PWN2OWN)
[63451] Apple QuickTime on Windows Crafted BMP File Arbitrary Code Execution
[63450] Apple iTunes on Windows Installation Package Race Condition Local Privilege Escalation
[63448] Apple QuickTime on Windows MediaVideo Sample Description Atom (STSD) Parsing Memory Corruption
[63447] Apple QuickTime on Windows Crafted PICT Image Overflow
[63428] Microsoft Wireless Keyboard MAC Address XOR Key Generation Weakness
[63335] Microsoft IE Unspecified Uninitialized Memory Corruption
[63334] Microsoft IE Post Encoding Information Disclosure
[63333] Microsoft IE Unspecified Race Condition Memory Corruption
[63332] Microsoft IE Object Handling Unspecified Memory Corruption (2010-0490)
[63331] Microsoft IE HTML Object onreadystatechange Event Handler Memory Corruption
[63330] Microsoft IE HTML Rendering Unspecified Memory Corruption
[63329] Microsoft IE Tabular Data Control (TDC) ActiveX URL Handling CTDCCtl::SecurityCHeckDataURL Function Memory Corruption
[63328] Microsoft IE HTML Element Handling Cross-Domain Information Disclosure
[63327] Microsoft IE CTimeAction Object TIME2 Handling Memory Corruption
[63324] Microsoft IE createElement Method Crafted JavaScript NULL Dereference DoS
[63322] Apple Safari on Windows JavaScriptCore.dll HTML Document Object Substring Occurrence DoS
[63296] Windows Media Player Error Message Remote File Enumeration
[63262] Mozilla Multiple Products on Windows extensions/auth/nsAuthSSPI.cpp nsAuthSSPI::Unwrap Function DoS
[63260] CA ARCserve Backup for Windows JRE Multiple Unspecified Issues
[63247] Novell eDirectory for Windows Malformed HTTP Request Handling Remote Overflow
[63139] lighttpd on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
[63138] Mongoose on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
[63137] Cherokee Web Server on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
[63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
[62938] Apple Safari on Windows URL Scheme Validation Crafted HTML File Handling Arbitrary Code Execution
[62936] Apple Safari on Windows ImageIO Crafted TIFF File Arbitrary Code Execution
[62935] Apple Safari on Windows ImageIO Crafted TIFF File Process Memory Disclosure
[62934] Apple Safari on Windows ImageIO Crafted BMP File Process Memory Disclosure
[62933] Apple Safari / iTunes on Windows ColorSync Crafted Image Color Profile Overflow
[62823] Microsoft Office Excel XLS File DbOrParamQry Record Parsing Overflow
[62822] Microsoft Office Excel XLSX File ZIP Header Processing Memory Corruption
[62821] Microsoft Office Excel FNGROUPNAME Record Handling Memory Corruption
[62820] Microsoft Office Excel Workbook Globals Stream MDXSET Record Handling Overflow
[62819] Microsoft Office Excel MDXTUPLE Record Handling Overflow
[62818] Microsoft Office Excel Sheet Object Type Confusion Arbitrary Code Execution
[62817] Microsoft Office Excel File Record Handling Unspecified Memory Corruption
[62810] Microsoft IE iepeers.dll Use-After-Free Arbitrary Code Execution
[62751] Apple Safari on Windows CFNetwork cfnetwork.dll Multiple Element Remote DoS
[62587] Hitachi JP1/Cm2/Network Node Manager Remote Console on WIndows File Permission Weakness Unspecified Local Privilege Escalation
[62547] Adobe getPlus DLM (Download Manager) on Windows getPlus Downloader Software Installation Authorization Weakness
[62466] Microsoft IE CSS Stylesheet Cross-origin Information Disclosure
[62438] Google Gadget ActiveX Microsoft ATL Template Unspecified Arbitrary Code Execution
[62400] Microsoft Wordpad Malformed RTF File Parsing Memory Exhaustion DoS
[62309] Google Chrome on Windows Shortcut Character Escaping Arbitrary Program Execution
[62246] Microsoft Data Analyzer ActiveX Web Page Handling Unspecified Arbitrary Code Execution
[62241] Microsoft Office Powerpoint TextBytesAtom Record Handling Remote Code Execution
[62240] Microsoft Office Powerpoint TextCharsAtom Record Handling Remote Code Execution
[62239] Microsoft Office Powerpoint File Path Handling Overflow
[62238] Microsoft Office Powerpoint LinkedSlideAtom Handling Remote Code Execution
[62237] Microsoft Office Powerpoint OEPlaceholderAtom placementId Parameter Handling Remote Code Execution
[62236] Microsoft Office Powerpoint msofbtClientData Container OEPlaceholderAtom Use After Free Remote Code Execution
[62235] Microsoft Office Excel MSO.DLL OfficeArtSpgr Container Overflow
[62229] Microsoft IIS Crafted DNS Response Inverse Lookup Log Corruption XSS
[62221] OpenSolaris Default Configuration smbadm Windows Active Directory Domain Joining Unspecified Issue
[62220] OpenSolaris Default Configuration kclient Windows Active Directory Domain Joining Unspecified Issue
[62157] Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access
[62156] Microsoft IE Dynamic OBJECT Tag Cross-domain Arbitrary File Access
[61914] Microsoft IE Javascript Cloned DOM Object Handling Memory Corruption
[61913] Microsoft IE HTML Object Handling Unspecified Memory Corruption
[61912] Microsoft IE Baseline Tag Rendering Memory Corruption
[61911] Microsoft IE Table Layout Reuse Memory Corruption
[61910] Microsoft IE Table Layout Col Tag Cache Update Handling Memory Corruption
[61909] Microsoft IE Unspecified Crafted URL Handling Arbitrary Code Execution
[61908] Cisco InternetWork Performance Monitor on Windows getProcessName CORBA GIOP Request Overflow
[61906] Adobe Flash Player on Windows ActiveX Unspecified Arbitrary Remote Code Execution
[61905] Adobe Flash Player on Windows Use-after-free Movie Unloading Memory Corruption
[61697] Microsoft IE mshtml.dll Use-After-Free Arbitrary Code Execution (Aurora)
[61525] Microsoft Commerce Server ADMINDBPS Registry Key Encoded Password Local Disclosure
[61516] Apple Safari for Windows search-ms Protocol Handler Arbitrary Program Execution
[61432] Microsoft IIS Colon Safe Extension NTFS ADS Filename Syntax Arbitrary Remote File Creation
[61294] Microsoft IIS ASP Crafted semicolon Extension Security Bypass
[61249] Microsoft IIS ctss.idc table Parameter SQL Injection
[61203] GTK+ gdk/gdkwindow.c gdk_window_begin_implicit_paint() Function Foreign Windows Weakness
[60891] Adobe Flash Player ActiveX on Windows Unspecified Arbitrary File Access
[60839] Microsoft IE CAttrArray Object Circular Dereference Remote Code Execution
[60838] Microsoft IE CSS Element Access Race Condition Memory Corruption
[60837] Microsoft IE XHTML DOM Manipulation Memory Corruption
[60834] Microsoft WordPad / Office Text Converters Word97 File Handling Memory Corruption
[60830] Microsoft Office Project File Handling Memory Validation Arbitrary Code Execution
[60804] Novell iPrint Client on Windows Unspecified Time Information Overflow
[60803] Novell iPrint Client on Windows ienipp.ocx target-frame Parameter Handling Overflow
[60660] Microsoft IE Response-Changing Mechanism Output Encoding XSS
[60587] Windows File Sharing Samba Client Resource Exhaustion DoS
[60578] Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking
[60510] SugarCRM on Windows .htaccess Direct Request Arbitrary File Access
[60504] Microsoft IE PDF Export Title Property File Path Disclosure
[60490] Microsoft IE Layout STYLE Tag getElementsByTagName Method Handling Memory Corruption
[60437] PHP on Windows popen Invalid Mode Handling DoS
[60401] Microsoft IE Crafted DHTML AnchorClick Attribute Handling Remote DoS
[60397] Microsoft Outlook HTML Email CODEBASE Parameter Arbitrary Program Execution
[60370] PGP PGPDisk Windows User Switching Cross-user Plaintext Information Disclosure
[60317] HP Operations Manager on Windows Unspecified Access Restriction Bypass
[60295] Microsoft IE Image ICC Profile Tag Count Handling DoS
[60294] Microsoft MSN Messenger Image ICC Profile Tag Count Handling DoS
[60285] Apple QuickTime / Darwin Streaming Server on Windows parse_xml.cgi filename Parameter Traversal Arbitrary File Access
[60282] Microsoft Pocket IE (PIE) object.innerHTML Function Remote DoS
[60198] Microsoft IE DHTML Property setHomePage Method JavaScript Loop Remote DoS
[60176] Apache Tomcat Windows Installer Admin Default Password
[60134] Netscape sun.awt.windows.WDefaultFontCharset Java Class WDefaultFontCharset Constructor Overflow
[60047] SecureClean Windows Alternatve Data Stream Information Disclosure
[60046] PGP Data Wipe Windows Alternatve Data Stream Information Disclosure
[60045] Sami Tolvanen Eraser Windows Alternatve Data Stream Information Disclosure
[60044] East-Tec Eraser 2002 Windows Alternatve Data Stream Information Disclosure
[60043] BCWipe Windows Alternatve Data Stream Information Disclosure
[60020] Microsoft Visual C++ MFC Static Library ISAPI Extension (Isapi.cpp) CHttpServer::OnParseError Overflow
[60004] Microsoft SQL Server Multiple Stored Procedure Unprivileged Configuration Manipulation
[59996] Apple Mac OS X QuickLook Crafted Microsoft Office Document Handling Overflow
[59968] Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
[59915] Sun Java SE Swing Implementation Windows Pluggable Look and Feel (PL&
[59907] MySQL on Windows bind-address Remote Connection Weakness
[59906] MySQL on Windows Default Configuration Logging Weakness
[59892] Microsoft IIS Malformed Host Header Remote DoS
[59886] Microsoft Exchange Malformed Microsoft Remote Procedure Call (MSRPC) Remote DoS
[59866] Microsoft Office Excel Document Record Parsing Memory Corruption
[59864] Microsoft Office Excel Malformed Record Object Sanitization Failure Arbitrary Code Execution
[59863] Microsoft Office Excel Formula Handling Pointer Corruption Arbitrary Code Execution
[59862] Microsoft Office Excel Cell Embeded Formula Parsing Memory Corruption
[59861] Microsoft Office Excel BIFF Record Parsing Overflow
[59860] Microsoft Office Excel BIFF File FEATHEADER cbHdrData Size Element Handling Memory Corruption
[59859] Microsoft Office Excel SxView Record Handling Memory Corruption
[59858] Microsoft Office Excel Malformed PivotCache Stream Handling Memory Corruption
[59857] Microsoft Office Word Document Malformed File Information Block (FIB) Parsing Memory Corruption
[59826] vqSoft vqServer for Windows DOS Filename Request Access Bypass
[59808] Microsoft Exchange Request Saturation License Exhaustion Remote DoS
[59774] Multiple Antivirus Microsoft Exchange Malformed E-mail X Header Scan Bypass
[59718] Sun Java JDK / JRE on Windows Update Notification Weakness
[59688] Novell NetWare Client on Windows Help Feature Login Authentication Bypass
[59653] Microsoft MN-500 Backup Function Cleartext Credential Local Disclosure
[59636] Microsoft SQL Server SQL Authentication Password Encryption Weakness
[59635] My Remote File Server on Windows Permission Weakness Local Privilege Escalation
[59621] Microsoft IIS CodeBrws.asp Off-By-One File Check Bypass Source Disclosure
[59615] ProxyView Embedded Windows NT Default Admin Account Password
[59563] Microsoft Baseline Security Analyzer (MBSA) Security Scan Result Cleartext Local Disclosure
[59561] Microsoft IIS CodeBrws.asp Encoded Traversal Arbitrary File Source Disclosure
[59503] Microsoft IE Rendering Engine Crafted MIME Type Arbitrary Script Execution
[59502] Microsoft IE / Outlook Express Crafted XML Stylesheet (XSL) Arbitrary Script Execution
[59501] Microsoft IE MSScriptControl.ScriptControl / GetObject Frame Domain Validation Bypass
[59500] Microsoft IE HTML Parser (MSHTML.DLL) Browser Window Object Handling DoS
[59479] Microsoft Office SharePoint Server Team Services _layouts/download.aspx Multiple Parameter ASP.NET Source Disclosure
[59360] Microsoft IIS ASP Page Visual Basic Script Malformed Regex Parsing DoS
[59326] Napster Client on Windows Message Handling Overflow
[59323] Microsoft IE Active Movie ActiveX Arbitrary File Download
[59322] Microsoft Jet Database Crafted Query Arbitrary Command Execution
[59289] Microsoft Java Virtual Machine getSystemResourceAsStream Function Arbitrary File Access
[59263] Microsoft IE IMG Tag width Handling DoS
[59259] Microsoft Site Server / Commercial Internet System (MCIS) Cookie Expiry Weakness
[59258] Microsoft Exchange ACL Modification Update Weakness
[59253] Windows File Sharing for Apple Mac OS X Improper Shutdown Unspecified Issue
[59249] Windows NT Unprivileged Local Share Manipulation
[59101] Oracle Database on Windows Net Foundation Layer Unspecified Remote Issue
[59066] IBM Rational AppScan on Windows Help Pages Query String XSS
[58907] Adobe Reader / Acrobat on Windows ActiveX Unspecified DoS
[58878] Skype Extras Manager on Windows Unspecified Issue
[58874] Microsoft IE CSS Parsing writing-mode Style Memory Corruption
[58873] Microsoft IE DOM Copy Constructor Event Object Initialization Memory Corruption
[58872] Microsoft IE HTML Component Handling Arbitrary Code Execution
[58871] Microsoft IE Data Stream Header Corruption Arbitrary Code Execution
[58870] Microsoft Office BMP Image Color Processing Overflow
[58869] Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code Execution
[58868] Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow
[58867] Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation
[58866] Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitrary Code Execution
[58865] Microsoft Multiple Products GDI+ TIFF Image Handling Overflow
[58864] Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow
[58863] Microsoft Multiple Products GDI+ WMF Image Handling Overflow
[58851] Microsoft .NET Framework / Silverlight Crafted Application Memory Manipulation Arbitrary Code Execution
[58850] Microsoft .NET Framework Object Casting Manipulation Arbitrary Code Execution
[58849] Microsoft .NET Framework Crafted Application Managed Pointer Access Arbitrary Code Execution
[58817] Microsoft IE Nested marquee Tag Handling DoS
[58788] Microsoft IE Crafted File Extension Download Security Warning Bypass
[58736] Jetty on Windows Double Slash (//) Path Aliasing Unspecified Issue
[58656] Trend Micro ServerProtect for Windows EarthAgent.exe Multiple RPC Functions Remote Overflow
[58536] Hart InterCivic EMS Windows Registry Ballot Now Database Private Key Disclosure
[58480] Microsoft IE X.509 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness
[58403] avast! Home / Professional for Windows avast4.ini ashWsFtr.dll Subversion Local Privilege Escalation
[58399] Microsoft IE window.print Function Loop Remote DoS
[58397] Microsoft IE Auto Form Submission KEYGEN Element Remote DoS
[58350] Microsoft Patterns &
[58253] HP ProCurve Identity Driven Manager on Windows Unspecified Local Privilege Escalation
[58188] PHP on Windows popen Invalid Mode Handling DoS
[58127] CreativeLabs es1371mp.sys WDM Audio Driver on Windows IRP Request Handling Local Privilege Escalation
[58104] Xerver on Windows HTTP Server ::$DATA Extension Request Arbitrary File Access
[58092] Diebold Global Election Management System (GEMS) Server Windows Access Database Corruption DoS
[58013] OpenOffice.org (OOo) on Windows Unspecified Client-side Issue
[58012] OpenOffice.org (OOo) on Windows Unspecified Client-side Stack Overflow
[58009] OpenOffice.org (OOo) on Windows Unspecified Client-side Issue
[57959] Interstage Application Server HTTP Server on Windows Unspecified Crafted Request DoS
[57955] Samba Unconfigured Home Directory Windows File Share Directory Access Restriction Bypass
[57942] SAP NetWeaver on Windows Unspecified Overflow
[57941] SAP NetWeaver on Windows Unspecified NULL Dereference DoS
[57940] SAP NetWeaver on Windows Unspecified Information Disclosure
[57926] Symantec Altiris Deployment Solution on Windows Unspecified Client-side Issue (3)
[57925] Symantec Altiris Deployment Solution on Windows Unspecified Client-side Issue (2)
[57924] Symantec Altiris Deployment Solution on Windows Unspecified Client-side Issue (1)
[57906] Perforce Server on Windows P4S.EXE Unspecified Infinite Loop DoS
[57905] Perforce Server on Windows P4S.EXE Unspecified DoS (2)
[57904] Perforce Server on Windows P4S.EXE Unspecified DoS (1)
[57881] MailSite on Windows LDAP3A.exe Unspecified Heap Corruption
[57880] MailSite on Windows LDAP3A.exe Unspecified Remote DoS
[57872] IBM Tivoli Directory Server (TDS) on Windows ibmslapd.exe Unspecified NULL Dereference Remote DoS
[57853] Business Objects Crystal Reports Server on Windows Unspecified Infinite Loop DoS
[57804] Microsoft JScript Scripting Engine Memory Corruption Arbitrary Code Execution
[57753] Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS
[57742] Microsoft SQL Cleartext User Passwords Disclosure
[57740] X Windows (X11R4) -L Linked Binary Path Subversion Handling Local Privilege Escalation
[57730] X Windows (X11R3/4) xterm Emulator Escape Sequence Handling Remote Privilege Escalation
[57654] Microsoft IE JavaScript LI Element Creation Value Attribute Handling Remote DoS
[57643] Quick Heal AntiVirus on Windows Unspecified Overflow
[57638] Microsoft Outlook Express IMAP Client literal_size Remote Overflow
[57616] DECwindows on Ultrix Memory Persistent Cleartext Credential Disclosure
[57589] Microsoft IIS FTP Server NLST Command Remote Overflow
[57515] Microsoft IE window.open() New Window URL Path Spoofing Weakness
[57506] Microsoft IE location.hash Javascript Handling Remote DoS
[57500] Sophos PureMessage for Microsoft Exchange Scan Engine Load Handling Scan Protection Bypass
[57499] Sophos PureMessage for Microsoft Exchange EdgeTransport.exe TNEF-Encoded Message Cleartext Conversion DoS
[57493] Sophos PureMessage Scanner (PMScanner.exe) for Microsoft Exchange Crafted File Handling DoS
[57202] Serv-U FTP Server Windows Authenticated HTTP Session Termination Failure Weakness
[57196] Serv-U FTP Server Windows Authentication Non-secure Login Weakness
[57142] Microsoft IE Malformed DIV / SCRIPT Element Handling DoS
[57118] Microsoft IE onblur() / onfocusout() Functions Nested Loop DoS
[57113] Microsoft IE Extended HTML Form Non-HTTP Protocol XSS
[57064] Microsoft IE Crafted UTF-7 Context XSS Filter Bypass
[57063] Microsoft IE Multiple CRLF Injected HTTP Header XSS Filter Bypass
[57062] Microsoft IE STYLE Element / CSS Expression Property Double Content Injection XSS Filter Bypass
[56963] Sun Java SE Abstract Window Toolkit (AWT) on Windows 2000 Security Warning Icon Display Weakness
[56916] Microsoft Office Web Components HTMLURL Parameter ActiveX Spreadsheet Object Handling Overflow
[56915] Microsoft Office Web Components OWC10.Spreadsheet ActiveX BorderAround() Method Heap Corruption Arbitrary Code Execution
[56914] Microsoft Office Web Components OWC10 ActiveX Loading/Unloading Memory Allocation Arbitrary Code Execution
[56911] Microsoft Remote Desktop Server (RDS) mstscax.dll Packet Parsing Remote Overflow
[56910] Microsoft Visual Studio Active Template Library (ATL) Header Mismatch Remote Code Execution
[56905] Microsoft .NET Framework Request Scheduling Crafted HTTP Request Remote DoS
[56852] Microsoft IE XML Document start-tags Handling CPU Consumption DoS
[56779] Microsoft IE mshtml.dll JavaScript findText Method Unicode String Handling DoS
[56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
[56699] Microsoft Visual Studio Active Template Library (ATL) String Manipulation Arbitrary Memory Disclosure
[56698] Microsoft Visual Studio Active Template Library (ATL) Data Stream Object Instantiation Remote Code Execution
[56696] Microsoft Visual Studio Active Template Library (ATL) Headers VariantClear Corrupt Stream Handling Remote Code Execution
[56695] Microsoft IE HTML Embedded CSS Property Modification Memory Corruption
[56694] Microsoft IE Invalid HTML Object Element Appendage Handling Memory Corruption
[56693] Microsoft IE timeChildren Object ondatasetcomplete Event Method Memory Corruption
[56525] Microsoft Eyedog ActiveX Unspecified Overflow
[56489] Microsoft IE Proxy Server CONNECT Response Cached Certificate Use MiTM HTTPS Site Spoofing
[56485] Microsoft IE iFrame HTTP / HTTPS Content Detection Weakness
[56480] Microsoft IE HTTP Response Refresh Header javascript: URI XSS
[56474] Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
[56438] Microsoft XML Core Services Set-Cookie HTTP Response Header Restriction Weakness
[56434] Web On Windows (WOW) ActiveX 2 Multiple Method Arbitrary Command Execution
[56432] Microsoft IE onclick Action Mouse Click Subversion (Clickjacking)
[56424] GoAhead WebServer on Windows MS-DOS Device Name Request DoS
[56331] MapServer on Windows mapserv mapserv.c id Parameter Traversal Arbitrary File Access
[56323] Microsoft IE Write Method Unicode String Argument Handling Remote DoS
[56272] Microsoft Video ActiveX (msvidctl.dll) Unspecified Remote Arbitrary Code Execution
[56254] Microsoft IE Select Object Length Property Handling Memory Consumption DoS
[56015] NTP on Windows SO_EXCLUSIVEADDRUSE Unspecified Issue
[55940] EiffelStudio on Windows IPv6 Listening Mode IPv4 Interface Traffic Disclosure
[55855] Microsoft IE AddFavorite Method URL Handling Remote DoS
[55845] Microsoft DirectX DirectShow quartz.dll QuickTime NumberOfEntries Field Memory Corruption
[55844] Microsoft DirectX DirectShow QuickTime File Pointer Validation Arbitrary Code Execution
[55838] Microsoft Office Publisher PUBCONV.DLL Legacy Format Importation Pointer Dereference Arbitrary Code Execution
[55837] Microsoft Virtual PC / Virtual Server Instruction Decoding Unspecified Local Privilege Escalation
[55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
[55806] Microsoft Office Web Components OWC10.Spreadsheet ActiveX msDataSourceObject() Method Memory Corruption
[55651] Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest DirectX Object Interface Overflow
[55509] VLC Media Player for Windows modules/access/smb.c Win32AddConnection() Function Overflow
[55436] Motorola Timbuktu Pro for Windows PlughNTCommand Named Pipe String Handling Overflow
[55345] Microsoft libc src/lib/libc/gen/fts.c fts_build() Function fts Nested Directory Handling Local DoS
[55298] XEmacs on Windows glyphs-eimage.c Multiple Function Image File Handling Overflows
[55269] Microsoft IIS Traversal GET Request Remote DoS
[55227] CA ARCserve Backup for Windows Message Engine 0x3B Message Invalid Stub Data RPC Marshalling Error Remote DoS
[55226] CA ARCserve Backup for Windows Message Engine ASCORE Module 0x13 Message Handling Remote DoS
[55224] PHP on Windows Multiple Function safe_mode Bypass
[55129] Microsoft IE HTTP Host Header Proxy Server CONNECT Response Document Context SSL Tampering Weakness
[55021] Apple Safari on Windows Installer Application Launch Unspecified Compression Method Local Privilege Escalation
[55012] Apple Safari on Windows Reset Safari Implementation Stored Web Password Persistence
[54974] Apple Safari on Windows CoreGraphics TrueType Font Handling Memory Corruption
[54966] PeaZIP on Windows ZIP Filename Handling Arbitrary Command Execution
[54960] Microsoft Office Word Malformed Record Handling Overflow (2009-0565)
[54959] Microsoft Office Word Malformed Length Field Handling Overflow (2009-0563)
[54958] Microsoft Office Excel BIFF File QSIR Record Object Pointer Handling Remote Code Execution
[54957] Microsoft Office Excel File SST Record Handling String Parsing Overflow
[54956] Microsoft Office Excel Record Object Field Sanitization Memory Corruption
[54955] Microsoft Office Excel Malformed Records Handling Overflow
[54954] Microsoft Office Excel Record Parsing Array Indexing Memory Corruption
[54953] Microsoft Office Excel Malformed Object Record Corruption Remote Code Execution
[54952] Microsoft Office Excel Malformed Record Object Pointer Handling Remote Code Execution (2009-0549)
[54951] Microsoft IE Crafted HTML Malformed Row Property References Memory Corruption
[54950] Microsoft IE Crafted onreadystatechange Event Memory Corruption
[54949] Microsoft IE Crafted HTML Document Node Addition Event Handler Memory Corruption
[54948] Microsoft IE setCapture Function Object Handling Uninitialized Memory Corruption
[54947] Microsoft IE Crafted AJAX XMLHttpRequest Synchronization Memory Corruption
[54946] Microsoft IE DHTML tr Element Handling Crafted Method Memory Corruption
[54945] Microsoft IE Cached Data Handling Cross-Domain Information Disclosure
[54944] Microsoft IE Race Condition Cross-Domain Information Disclosure
[54922] VMware Multiple Products on Windows Descheduled Time Accounting Driver Unspecified DoS
[54875] Apple QuickTime on Windows Movie File Clipping Region (CRGN) Atom Parsing Overflow
[54797] Microsoft DirectX DirectShow quartz.dll QuickTime NULL Byte Overwrite Arbitrary Code Execution
[54709] Soulseek on Windows Search Query Handling Overflow
[54700] Microsoft GDI+ gdiplus.dll GpFont::SetData Function Crafted EMF File Handling Off-by-one Overflow
[54555] Microsoft IIS WebDAV Unicode URI Request Authentication Bypass
[54444] Apple Mac OS X Microsoft Office Spotlight Importer File Handling Memory Corruption
[54394] Microsoft Office PowerPoint Multiple Record Types Handling Overflow
[54393] Microsoft Office PowerPoint CurrentUserAtom Atom Parsing Multiple Overflows
[54392] Microsoft Office PowerPoint Unspecified Crafted File Handling Heap Corruption
[54391] Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Arbitrary Code Execution
[54390] Microsoft Office PowerPoint BuildList Record Parsing Memory Corruption Arbitrary Code Execution
[54389] Microsoft Office PowerPoint PP7 Crafted File Handling Memory Corruption Arbitrary Code Execution (2009-1128)
[54388] Microsoft Office PowerPoint PP7 Crafted File Handling Memory Corruption Arbitrary Code Execution (2009-0225)
[54387] Microsoft Office PowerPoint PPT95 Import (PP7X32.DLL) File Handling Multiple Overflows
[54386] Microsoft Office PowerPoint PPT Importer (PP4X32.DLL) Legacy File Format Handling Multiple Overflows
[54385] Microsoft Office PowerPoint Conversion Filter (PP4X32.DLL) String Parsing Memory Corruption Arbitrary Code Execution
[54384] Microsoft Office PowerPoint Conversion Filter (PP4X32.DLL) Structure Parsing Memory Corruption Arbitrary Code Execution (2009-0227)
[54383] Microsoft Office PowerPoint Conversion Filter (PP4X32.DLL) Structure Parsing Memory Corruption Arbitrary Code Execution (2009-0223)
[54382] Microsoft Office PowerPoint Legacy File Format Handling Unspecified Remote Code Execution (2009-0222)
[54381] Microsoft Office PowerPoint Legacy File Format Handling Unspecified Remote Code Execution (2009-1137)
[54292] Microsoft ActiveSync RNDIS over USB System Lock Bypass
[54183] Microsoft IE Unprintable Character Document Handling DoS
[53935] Xitami Web Server on Windows HTTP Request Connection Saturation Remote DoS
[53933] Microsoft Whale Client Components ActiveX (WhlMgr.dll) Multiple Method Overflow
[53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
[53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
[53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
[53890] Trend Micro OfficeScan Client on Windows NTRtScan.exe Directory Pathname Handling Local DoS
[53871] OpenX on Windows www/delivery/tjs.php trackerid Parameter Traversal Arbitrary File Deletion
[53750] Oracle Outside In Technology Microsoft Office File Optional Data Stream Parsing Overflow
[53749] Oracle Outside In Technology Microsoft Office Spreadsheet Record Handling Overflow (2009-1010)
[53748] Oracle Outside In Technology Microsoft Excel Spreadsheet Record Handling Remote Overflow (2009-1009)
[53695] VMware Multiple Products on Windows hcmon.sys Crafted IOCTL Handling Unspecified Local DoS
[53671] Wireshark on Windows LDAP Dissector Unspecified DoS
[53665] Microsoft Office Excel Malformed Object Handling Memory Corruption
[53664] Microsoft WordPad Word 97 Text Converter File Handling Overflow
[53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
[53662] Microsoft WordPad / Office Text Converter Malformed Data Handling Memory Corruption
[53637] Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Forms Authentication Component Unspecified XSS
[53636] Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Web Proxy TCP State Handling DoS
[53632] Microsoft DirectShow MJPEG Decompression Unspecified Arbitrary Code Execution
[53627] Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2009-0554)
[53626] Microsoft IE EMBED Element Handling Memory Corruption Arbitrary Code Execution
[53625] Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2009-0552)
[53624] Microsoft IE Page Transition Unspecified Memory Corruption Arbitrary Code Execution
[53454] Sybase Enterprise Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53453] Pramati Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53451] jo! jo Webserver on Windows Crafted Request WEB-INF Directory Information Disclosure
[53450] HP Application Server on Windows Crafted Request WEB-INF Directory Information Disclosure
[53340] Microsoft IE JavaScript Implementation Web Site Temporary Footprint Spoofing Weakness
[53308] Apple Safari on Windows WebKit.dll ALINK Attribute Handling Memory Exhaustion DoS
[53306] Microsoft Money prtstb06.dll ActiveX Startup Property Remote DoS
[53231] Apple Safari on Windows XML Document Handling Application Crash DoS
[53182] Microsoft Office PowerPoint PPT File Handling Unspecified Code Execution
[53072] Citrix Presentation Server Client for Windows Process Memory Credential Information Disclosure
[52924] Microsoft IIS WebDAV PROPFIND Method Forced Directory Listing
[52898] Apple Safari for Windows feeds: URI Handling NULL Pointer Dereference DoS
[52896] Mozilla Firefox on Windows _moveToEdgeShift() XUL Tree Method Garbage Collection Arbitrary Code Execution (PWN2OWN)
[52830] HP Virtual Rooms Client on Windows Unspecified Arbitrary Remote Code Execution
[52745] Adobe Flash Player on Windows Mouse Pointer Display Unspecified Clickjacking
[52695] Microsoft Office Excel Crafted Document Invalid Object Reference Unspecified Code Execution
[52692] Microsoft SMB NT Trans2 Request Parsing Unspecified Remote Code Execution
[52691] Microsoft SMB NT Trans Request Parsing Overflow Remote Code Execution
[52690] Microsoft Office Word Malformed Table Property Handling Memory Corruption
[52689] Microsoft Word Document Handling HTML Object Tag DoS
[52688] Microsoft Word Document Handling HTML Object Tag XSS
[52686] Microsoft Office Hyperlink Target Digital Signatures Weakness
[52684] Microsoft Forms Multiple ActiveX (FM20.dll) Memory Access Violations
[52680] Microsoft IIS httpext.dll WebDav LOCK Method Nonexistent File Request Parsing Memory Exhaustion Remote DoS
[52671] Microsoft IE shell32 Module Unspecified Form Data Handling Overflow
[52670] Microsoft IE Double Injection Bypass Anti-XSS Filter Bypass
[52669] Microsoft IE UTF-7 Character Set Bypass Anti-XSS Filter Bypass
[52668] Microsoft IE CRLF Injection Multiple Method Bypass Anti-XSS Filter Bypass
[52667] Microsoft IE navcancl.htm Local Resource Refresh Link XSS
[52666] Microsoft IE Malformed file:// URI Handling DoS
[52665] Microsoft IE IObjectSafety Functionality Object Creation Call DoS
[52664] Microsoft IE Relative Path Handling Spoofing Weakness
[52663] Microsoft IE Crafted Pop-up Directional Address Bar Spoofing
[52660] Microsoft IE about:blank Blank Tab Spoofing Weakness
[52599] IBM WebSphere Application Server (WAS) on Windows JSP Handling Unspecified Exposure (PK75248)
[52530] IBM Tivoli Storage Manager HSM for Windows Unspecified Overflow
[52491] Apple Safari for Windows Multiple Protocol Handler Null Dereference DoS
[52490] Apple Safari for Windows http URI Handler Malformed Domain Name DoS
[52468] IBM WebSphere Application Server (WAS) on Windows Installation Factory logs/instconfigifwas6.log Local Information Disclosure
[52301] NovaNET on Windows nnwindtb.dll DtbClsLogin Function Overflow DoS
[52287] Theme Engine for Drupal on Windows q Parameter Local File Inclusion
[52238] Microsoft IIS IDC Extension XSS
[51840] Microsoft IE XHTML Strict Mode CSS Handling Memory Corruption Arbitrary Code Execution
[51839] Microsoft IE Document Object Handling Memory Corruption Arbitrary Code Execution
[51838] Microsoft Exchange Server EMSMDB2 Invalid MAPI Command Remote DoS
[51837] Microsoft Exchange Server Message Transport Neutral Encapsulation Format (TNEF) Decoding Remote Code Execution
[51836] Microsoft Office Visio File Opening Memory Functions Arbitrary Code Execution
[51835] Microsoft Office Visio Object Data Memory Functions Arbitrary Code Execution
[51834] Microsoft Office Visio File Opening Object Data Handling Arbitrary Code Execution
[51531] Apple QuickTime MPEG-2 Playback Component on Windows Crafted Movie File Handling Arbitrary Code Execution
[51503] Microsoft Word Save as PDF Add-on Emailed PDF Path Disclosure
[51406] Silentum Uploader on Windows upload.php delete Parameter Traversal Arbitrary File Deletion
[51351] Oracle Database SQL*Plus Windows GUI Unspecified Remote Information Disclosure (2008-3973)
[51350] Oracle Database SQL*Plus Windows GUI Unspecified Remote Information Disclosure (2008-5439)
[51320] Microsoft IE chromehtml: URI --renderer-path Option Arbitrary Command Execution
[51277] Microsoft Excel HTML Tag Interpretation XSS
[51259] Microsoft IE onload=screen["
[51226] IBM AS/400 iSeries Access for Windows Remote Command rexec Remote Command Execution
[51190] Firefly Media Server (mt-daapd) on Windows Traversal Arbitrary /admin-root File Disclosure
[51135] Google Chrome on Windows chromehtml: URI --renderer-path Option Arbitrary Remote Command Execution
[50978] Opera on Windows Malformed Email Header Handling Resource Consumption DoS
[50974] Microsoft Outlook Express InetComm.dll MimeOleClearDirtyTree Function Malformed Email Header Handling Infinite Loop DoS
[50959] Microsoft Word / Publisher Malformed wordart Handling DoS
[50778] Microsoft Remote Help SAFRCFileDlg.RASetting ActiveX (safrcdlg.dll) GetProfileString Function Overflow
[50745] Microsoft Office Web Controls OWC11.DataSourceControl Memory Access Violation
[50727] Hitachi JP1/Integrated Management Service Support on Windows Unspecified XSS
[50693] Sun Ray Windows Connector Unspecified Local Administration Password Disclosure
[50683] CA ARCserve Backup on Windows LDBserver Service Client Data Verification Weakness
[50622] Microsoft IE mshtml.dll XSML Nested SPAN Element Handling Unspecified Arbitrary Code Execution
[50615] Microsoft ASP.NET Malformed File Request Path Disclosure
[50613] Microsoft IE WebDAV Cached Content Request Parsing Overflow
[50612] Microsoft IE Object Handling Uninitialized Memory Corruption
[50611] Microsoft IE Navigation Methods Parameter Validation Memory Corruption
[50610] Microsoft IE EMBED Tag File Name Extension Overflow
[50598] Microsoft Office Word Table Property Handling Overflow
[50597] Microsoft Office Word RTF Object Parsing Arbitrary Code Execution (2008-4031)
[50596] Microsoft Office Word RTF Object Parsing Arbitrary Code Execution (2008-4030)
[50595] Microsoft Office Word RTF Drawing Object Parsing Overflow
[50593] Microsoft Office Word RTF Consecutive Drawing Object Parsing Memory Corruption
[50592] Microsoft Office Word Malformed Value Memory Corruption
[50591] Microsoft Office Word RTF Polyline/Polygon Object Parsing Overflow
[50590] Microsoft Office Word Malformed File Information Block (FIB) lcbPlcfBkfSdt' Field Memory Corruption
[50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
[50585] Microsoft Office SharePoint Server Administrative URL Security Bypass
[50581] Microsoft Visual Basic Charts Control ActiveX (Mschrt20.ocx) Unspecified Memory Corruption
[50580] Microsoft Visual Basic Animation ActiveX (mscomct2.ocx) AVI Parsing Memory Corruption
[50579] Microsoft Visual Basic Hierarchical FlexGrid ActiveX (mshflxgd.ocx) Multiple Method Memory Corruption
[50578] Microsoft Visual Basic FlexGrid ActiveX (msflxgrd.ocx) Unspecified Memory Corruption
[50577] Microsoft Visual Basic DataGrid ActiveX (msdatgrd.ocx) Unspecified Memory Corruption
[50557] Microsoft Excel NAME Record Global Array Parsing Memory Corruption
[50556] Microsoft Excel Malformed Object Record Parsing Memory Corruption
[50555] Microsoft Excel Malformed Formula Parsing Memory Corruption
[50488] Microsoft Multiple Products Crafted RTCP Receiver Report Packet Handling Remote DoS
[50330] Microsoft Communicator Instant Message Emoticon Saturation Remote DoS
[50320] Microsoft Communicator SIP INVITE Request Handling Session Saturation DoS
[50302] Microsoft .NET Framework Strong Name Implementation DLL File Public Key Token Subversion Multiple Mechanism Authentication Bypass
[50288] Apple iPhone Configuration Web Utility for Windows Traversal Arbitrary File Access
[50279] Microsoft XML Core Services HTTP Request Header Field Cross-domain Session State Manipulation
[50138] Microsoft SharePoint Host Name / Port Number Persistence HTML Document Same-origin Relationship Bypass XSS
[50074] Cisco Unity Unspecified Microsoft API Dynamic UDP Port Packet Handling Remote DoS
[50044] Microsoft IE Non-Blocking Space Character Visual Truncation Address Bar Spoofing
[50043] Microsoft IE High-bit URL Encoded Character Address Bar Spoofing
[49981] Symantec Backup Exec for Windows Server Data Management Protocol Unspecified Overflow
[49980] Symantec Backup Exec for Windows Server Authentication Multiple Unspecified Issues
[49926] Microsoft XML Core Services DTD Crafted XML Document Handling Cross-Domain Scripting Remote Information Disclosure
[49900] Windows Mobile on HTC Hermes Password Auto-Completion Authentication Bypass
[49899] Microsoft IIS iissext.dll Unspecified ActiveX SetPassword Method Remote Password Manipulation
[49882] Opera on Windows file:// URI Handling Overflow
[49781] Adobe Flash Player on Windows ActiveX Unspecified Information Disclosure
[49743] Yosemite Backup on Windows ytwindtb.dll DtbClsLogin() Function Remote Overflow
[49730] Microsoft IIS ActiveX (adsiis.dll) GetObject Method Remote DoS
[49729] Microsoft Internet Authentication Service (IAS) Helper COM Component ActiveX (iashlpr.dll) PutProperty Method Remote DoS
[49728] Microsoft IE Crafted URL-encoded String alert Function DoS
[49592] Microsoft Office DjVu ActiveX (DjVu_ActiveX_MSOffice.dll) Multiple Property Overflow
[49590] Microsoft Debug Diagnostic Tool DebugDiag ActiveX (CrashHangExt.dll) GetEntryPointForThread Method DoS
[49586] Microsoft IE Mshtml.dll CDwnTaskExec::ThreadExec Function PNG File Handling DoS
[49442] IBM Tivoli Storage Manager (TSM) Express for Microsoft SQL SQL CAD Data Protection (dsmcat.exe) Remote Overflow
[49385] Microsoft ASP.NET Request Validation <
[49384] Microsoft ASP.NET Request Validation <
[49230] Microsoft Outlook Web Access (OWA) exchweb/bin/redir.asp URL Variable Arbitrary Site Redirect
[49118] Microsoft IE HTML Object Handling Memory Corruption
[49117] Microsoft IE componentFromPoint Uninitialized Memory Corruption
[49116] Microsoft IE Unspecified Cross-domain Information Disclosure
[49115] Microsoft IE Unspecified Cross-domain Arbitrary Script Execution
[49114] Microsoft IE Unspecified HTML Element Cross-Domain Code Execution
[49113] Microsoft IE Window Location Property Cross-Domain Code Execution
[49082] Microsoft PicturePusher ActiveX (PipPPush.DLL) Crafted PostURL Request Multiple Method Arbitrary File Upload
[49078] Microsoft Excel Embedded Formula Parsing Arbitrary Code Execution
[49077] Microsoft Excel Calendar Object Validation VBA Performance Cache Processing Arbitrary Code Execution
[49076] Microsoft Excel BIFF File Malformed Object Handling Arbitrary Code Execution
[49068] Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow
[49059] Microsoft IIS IPP Service Unspecified Remote Overflow
[49052] Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS
[48821] Microsoft Dynamics GP DPS Component DPS Message Remote Overflow
[48820] Microsoft Dynamics GP DPM Component DPM Message Remote Overflow
[48819] Microsoft Dynamics GP DPS Message Invalid Magic Number Remote DoS
[48818] Microsoft IE Top Level Domain Cross-Domain Cookie Fixation
[48564] Apple Mac OS X QuickLook Microsoft Office File Handling Memory Corruption
[48243] ISC BIND for Windows UDP Client Handler Remote DoS
[48220] Microsoft SQL Server SQLVDIRLib.SQLVDirControl ActiveX (Tools\Binn\sqlvdir.dll) Connect Method Overflow
[48208] Novell eDirectory LDAP on Windows Unspecified Memory Corruption DoS
[48206] Novell eDirectory NDS on Windows Unspecified Remote Memory Corruption
[48149] IBM DB2 Universal Database on Windows DB2FMP Unspecified Issue
[48034] Apple QuickTime on Windows PICT Image Handling Overflow
[48032] Apple QuickTime on Windows PICT Image Handling Unspecified Arbitrary Code Execution
[48020] Apple Bonjour for Windows mDNSResponder Bonjour API for Unicast DNS TransactionID/Port Randomness Prediction
[48019] Apple Bonjour for Windows Bonjour Namespace Provider mDNSResponder Domain Name Label Handling DoS
[48000] Microsoft Organization Chart orgchart.exe Crafted OPX File Handling DoS
[47969] Microsoft Multiple Products GDI+ BMP Integer Calculation Overflow
[47968] Microsoft Multiple Products GDI+ WMF Image Handling Overflow
[47967] Microsoft Multiple Products GDI+ GIF Image Handling Arbitrary Code Execution
[47966] Microsoft Multiple Products GDI+ EMF File Handling Memory Corruption
[47965] Microsoft Multiple Products GDI+ VML Gradient Size Handling Overflow
[47964] Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary Code Execution
[47903] DiskCryptor on Windows BIOS Keyboard Buffer Local Password Disclosure
[47856] Microsoft BitLocker BIOS Keyboard Buffer Local Password Disclosure
[47475] Microsoft Visual Studio Masked Edit Control ActiveX (Msmask32.ocx) Mask Parameter Overflow
[47447] RealVNC Windows Client vncviewer.exe Crafted Frame Buffer Update Packet Handling DoS
[47419] Microsoft IE HTML Object Unspecified Memory Corruption
[47418] Microsoft IE HTML Object Unspecified Memory Corruption
[47417] Microsoft IE Object Handling Uninitialized Memory Corruption
[47416] Microsoft IE HTML Document Objects Handling Memory Corruption
[47415] Microsoft IE HTML Document Object Handling Memory Corruption
[47414] Microsoft IE Print Preview HTML Component Handling Unspecified Arbitrary Code Execution
[47413] Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure
[47410] Microsoft Office Excel connections.xml Password String Persistence
[47409] Microsoft Office Excel Spreadsheet AxesSet Record Memory Corruption
[47408] Microsoft Office Excel File FORMAT Record Array Index Handling Arbitrary Code Execution
[47407] Microsoft Office Excel File COUNTRY Record Value Parsing Arbitrary Code Execution
[47406] Microsoft PowerPoint Viewer Cstring Object Handling Memory Corruption
[47405] Microsoft PowerPoint Viewer Picture Index Handling Memory Corruption
[47404] Microsoft PowerPoint File List Value Handling Memory Corruption
[47402] Microsoft Office Filters PICT File Handling Arbitrary Code Execution
[47401] Microsoft Office Filters Encapsulated PostScript (EPS) File Handling Arbitrary Code Execution
[47400] Microsoft Office BMPIMP32.FLT Filter BMP File Header Handling Arbitrary Code Execution
[47398] Microsoft Office Filters PICT File bits_per_pixel Field Heap Corruption
[47397] Microsoft Office WPGIMP32.FLT Filter WordPerfect Graphics (WPG) File Handling Arbitrary Code Execution
[47299] Frisk F-PROT Antivirus Microsoft Office File Handling DoS
[47004] Microsoft Crypto API S/MIME X.509 Certificate CRL Check Remote Information Disclosure
[46935] Microsoft IE Pop Up Blocker Multiple Issues
[46931] Microsoft Outlook/Express Unspecified URI Handling Arbitrary Command Injection
[46914] Microsoft Word DOC File Handling Unspecified Arbitrary Code Execution
[46827] Microsoft Visual Basic ActiveX (vb6skit.dll) fCreateShellLink Function Crafted lpstrLinkPath Argument Overflow
[46780] Microsoft Outlook Web Access (OWA) HTML Parsing Unspecified XSS
[46779] Microsoft Outlook Web Access (OWA) Data Validation Unspecified XSS
[46773] Microsoft SQL Server Memory Page Reuse Information Disclosure
[46772] Microsoft SQL Server Convert Function Overflow
[46771] Microsoft SQL Server Stored Backup File Processing Memory Corruption Arbitrary Code Execution
[46770] Microsoft SQL Server Crafted Insert Statement Overflow
[46749] Microsoft Access Snapshot Viewer ActiveX (snapview.ocx) PrintSnapshot Method Arbitrary Code Execution
[46723] Cisco VPN Client on Windows Dial-up Networking Dialog Local Privilege Escalation
[46722] Apple Safari for Windows Crafted HTML Arbitrary File Download
[46696] Opera for Windows Unspecified Arbitrary Code Execution
[46676] Mozilla Multiple Browser Windows URL Shortcut Handling Cross-context Execution
[46645] Microsoft Word DOC File Unordered List Handling Memory Corruption
[46631] Microsoft IE Frame Location Handling Cross-frame Content Manipulation
[46630] Microsoft IE location Window Object Handling XSS
[46590] Avaya Message Storage Server (MSS) Admin Interface Windows Domain Parameter Arbitrary Command Execution
[46501] Apple Safari for Windows URLACTION_SHELL_EXECUTE_HIGHRISK IE Zone Setting Restriction Bypass
[46400] SurgeMail on Windows Unspecified Remote Issue (ZD-00000078)
[46275] Sun Java on Windows jusched.exe Unspecified Overflow
[46240] No-IP Windows Dynamic Update Client Registry Local Credentials Disclosure
[46194] Novell iPrint Client for Windows ienipp.ocx ActiveX Multiple Variable Overflow
[46084] Microsoft IE Request Header Handling Cross-domain Information Disclosure
[46083] Microsoft IE HTML Object Handling Memory Corruption Arbitrary Code Execution
[46065] Microsoft DirectX SAMI File Format Processing Arbitrary Code Execution
[46064] Microsoft DirectX MJPEG Codec AVI/ASF File Processing Arbitrary Code Execution
[45941] HP System Management Homepage (SMH) for Windows OpenSSL Version Regression
[45906] Microsoft ISA Server SOCKS4 Proxy Empty Packet Cross Session Destination IP Disclosure
[45826] Microsoft IE Local Zone Saved File URI XSS
[45814] Microsoft IE Arbitrary Website Zone Addition Domain Suppression DoS
[45813] Microsoft IE URI Arbitrary Scheme Name XSS Filter Bypass
[45806] Microsoft Register Server (REGSVR) Crafted DLL Handling Unspecified Issue
[45583] Microsoft IIS w/ Visual Interdev Unspecified Authentication Bypass
[45525] Microsoft IE Failed Connection DNS Pin Dropping Rebinding Weakness
[45522] Symantec Veritas Backup Exec for Windows Unspecified Remote Issue
[45517] Windows Mobile PC SMS Handler SMS Message Sender Field Spoofing
[45442] Microsoft IE IObjectSafety Java Plug-in ActiveX COM Object Creation DoS
[45441] Microsoft IE IObjectSafety CLSID_ApprenticeICW ActiveX Control COM Object Creation DoS
[45440] Microsoft IE IObjectSafety SmartConnect Class ActiveX Control COM Object Creation DoS
[45439] Microsoft IE IObjectSafety System Monitor Source Properties ActiveX Control COM Object Creation DoS
[45438] Microsoft IE IObjectSafety Outlook Progress Ctl ActiveX Control COM Object Creation DoS
[45437] Microsoft IE Location DOM Object Page Load Interruption Site/Certificate Spoofing
[45436] Microsoft IE URI Unspecified Scheme Traversal Arbitrary File Access
[45435] Microsoft IE file: URI Absolute Traversal Arbitrary File Access
[45354] Stunnel on Windows Unspecified Local Privilege Escalation
[45264] Microsoft Office Publisher File Format Unspecified Remote Code Execution
[45262] Microsoft ISA Server Host Header Log File Content Injection
[45260] Microsoft IE Malformed Table Element CSS Attribute Handling DoS
[45259] Microsoft IE mshtml.dll Malformed IFRAME XML File / XSL Stylesheet Handling DoS
[45248] Microsoft IE JavaScript onUnload Document Structure Modification DoS
[45218] Microsoft Outlook Web Access Cache-Control Directive Information Caching Persistence
[45185] Microsoft Baseline Security Analyzer (MBSA) Reboot Race Condition Weakness
[45074] Microsoft IE Print Table of Links Cross-Zone Scripting
[45033] Microsoft Publisher Object Handler Header Data Validation Arbitrary Code Execution
[45032] Microsoft Word Document Malformed CSS Handling Memory Corruption Arbitrary Code Execution
[45031] Microsoft Office RTF File Handling Object Parsing Arbitrary Code Execution
[45028] Microsoft Malware Protection Engine File Parsing Disk-space Exhaustion DoS
[45027] Microsoft Malware Protection Engine File Parsing Service DoS
[45008] Microsoft Outlook E-mail Message Malformed Header / Body Separation Remote DoS
[44979] Microsoft SQL Server Blank sa Password Set Weakness
[44973] Microsoft IE DisableCachingOfSSLPages SSL Page Caching Persistence
[44964] Apple QuickTime Player on Windows Crafted Media File Arbitrary Code Execution
[44963] IBM DB2 Universal Database on Windows Multiple Function JAR File Handling Remote DoS
[44959] Microsoft Office on Mac OS X Installation Permission Bypass
[44938] Microsoft Office Open XML (OOXML) Document Metadata Field Modification Signature Weakness
[44721] IBM DB2 Universal Database Windows Change Password Policy Bypass
[44652] Microsoft HeartbeatCtl HRTBEAT.OCX ActiveX Unspecified Method Host Argument Overflow
[44597] Oracle Application Server on Windows Crafted URI Remote DoS
[44527] Oracle Application Server on Windows Installation Default Permission Weakness
[44459] Microsoft Sharepoint Rich Text Editor Picture Source XSS
[44458] Microsoft Works WkImgSrv.dll WksPictureInterface Property Remote DoS
[44319] Microsoft Office Publisher Crafted PUB File Handling DoS
[44318] Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Arbitrary Remote Code Execution
[44303] Microsoft IE body Tag Infinite Loop DoS
[44212] Microsoft Project File Handling Unspecified Arbitrary Code Execution
[44211] Microsoft Vbscript.dll VBScript Decoding Code Execution
[44210] Microsoft Jscript.dll JScript Arbitrary Code Execution
[44205] Microsoft IE Data Stream Handling Memory Corruption
[44170] Microsoft Visio DXF File Handling Memory Validation Arbitrary Code Execution
[44169] Microsoft Visio Object Header Data Handling Arbitrary Code Execution
[44150] Microsoft Access Crafted MDB File Handling Overflow
[44004] Apple QuickTime on Windows Movie Animation Codec Handling Overflow
[44002] Apple QuickTime on Windows PICT Handling Clip opcode Parsing Overflow
[43606] Microsoft IE XMLHttpRequest() Multiple Header Overwrite HTTP Response Splitting
[43605] Microsoft IE Chunked Transfer-Encoding Request Smuggling
[43602] FutureSoft TFTP Server 2000 for Windows UDP Request Handling Remote Overflow
[43521] Microsoft IE CSS :visited Pseudo-class Browser History Disclosure
[43471] Microsoft IE Digest Authentication username Attribute CRLF Injection
[43464] Microsoft Jet Database Engine Word File Handling Unspecified Code Execution
[43451] Microsoft IIS HTTP Request Smuggling
[43325] Microsoft Atlas Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
[43314] Microsoft IE JavaScript Long String Regex Match Remote DoS
[43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
[43242] Novell GroupWise Windows Client API Shared Folder Security Bypass
[43076] Acronis True Image Windows Agent Malformed Packet Remote DoS
[43068] Microsoft Access MDB File Handling Unspecified Arbitrary Code Execution
[42978] Double-Take for Windows username Field Remote Overflow
[42977] Double-Take for Windows ospace/time/src\date.cpp Exception Remote DoS
[42976] Double-Take for Windows Crafted Request CPU Consumption Remote DoS
[42975] Double-Take for Windows Malformed Packet NULL Dereference Remote DoS
[42974] Double-Take for Windows Crafted Packet Memory Allocation Error Remote DoS
[42973] Double-Take for Windows Crafted Packet Remote Information Disclosure
[42972] Double-Take for Windows Crafted Packet Function Recursion Remote DoS
[42799] Microsoft IE URI Handling Arbitrary FTP Command Injection
[42732] Microsoft Excel Macro Validation Unspecified Code Execution
[42731] Microsoft Excel Conditional Formatting Value Unspecified Code Execution
[42730] Microsoft Excel BIFF File Format Rich Text Tag Malformed Tag Memory Corruption
[42725] Microsoft Excel XLS Malformed Formula Memory Corruption
[42724] Microsoft Excel Style Record Handling Memory Corruption
[42723] Microsoft Excel SLK File Import Unspecified Arbitrary Code Execution
[42722] Microsoft Excel BIFF8 Spreadsheet DVAL Record Handling Arbitrary Code Execution
[42712] Microsoft Office Web Components DataSource Page Handling Arbitrary Code Execution
[42711] Microsoft Office Web Components URL Parsing Arbitrary Code Execution
[42710] Microsoft Outlook mailto: URI Handling Arbitrary Command Execution
[42709] Microsoft Office Unspecified Malformed Document Handling Memory Corruption
[42708] Microsoft Office Excel Document (XLS) Cell Record Rebuilding Memory Corruption
[42360] Symantec Backup Exec for Windows Servers (BEWS) PVATLCalendar.PVCalendar.1 ActiveX (pvcalendar.ocx) Save() Method Arbitrary File Manipulation
[42358] Symantec Backup Exec for Windows Servers (BEWS) PVATLCalendar.PVCalendar.1 ActiveX (pvcalendar.ocx) Multiple Overflows
[42329] Symantec Backup Exec for Windows Servers (BEWS) Unspecified Remote Issue
[42193] VLC Media Player on Windows RTSP Data Handling Unspecified Remote Overflow
[42152] Microsoft Silverlight ActiveX Unspecified Overflow
[42058] Microsoft FrontPage CERN Image Map Dispatcher (htimage.exe) Arbitrary File Information Disclosure
[41871] Mono on Windows System.Web StaticFileHandler.cs Crafted Request Source Code Disclosure
[41775] PHP Component Object Model (COM) on Windows Multiple Restriction Bypass
[41727] Windows Privacy Tray (WinPT) Crafted Key Installation Visual Truncation Weakness
[41628] IBM Informix Storage Manager (ISM) Windows RPC Components XDR Library Multiple Unspecified Remote Overflows
[41621] IBM Informix Dynamic Server (IDS) on Windows Unspecified SQ_ONASSIST Request Remote DoS
[41468] Microsoft FoxPro ActiveX Web Page Parsing Unspecified Memory Corruption
[41467] Microsoft IE Image Processing Argument Validation Unspecified Memory Corruption
[41466] Microsoft IE animateMotion.by SVG Element by Property Memory Corruption
[41465] Microsoft IE HTML Layout Rendering Unspecified Memory Corruption
[41464] Microsoft Word Document Handling Unspecified Memory Corruption
[41462] Microsoft Office Malformed Object Parsing Memory Corruption
[41461] Microsoft Active Directory / ADAM Malformed LDAP Request Remote DoS
[41460] Microsoft WebDAV Mini-Redirector Response Handling Arbitrary Code Execution
[41459] Microsoft Works File Converter .wps File Multiple Field Handling Arbitrary Code Execution
[41458] Microsoft Works File Converter .wps File Header Index Table Handling Arbitrary Code Execution
[41457] Microsoft Works File Converter .wps Format Header Handling Arbitrary Code Execution
[41456] Microsoft IIS File Change Handling Local Privilege Escalation
[41447] Microsoft Office Publisher Memory Index Validation .pub File Handling Arbitrary Code Execution
[41446] Microsoft Office Publisher .pub File Handling Arbitrary Code Execution
[41445] Microsoft IIS ASP Web Page Input Unspecified Arbitrary Code Execution
[41382] Microsoft IE OnKeyDown JavaScript htmlFor Attribute Keystroke Disclosure
[41377] F-Secure Anti-Virus for Windows system32 Directory Crafted File Detection Bypass
[41091] Microsoft IIS webhits.dll Hit-Highlighting Authentication Bypass
[41080] Microsoft Visual Database Tools MSVDTDatabaseDesigner7 ActiveX (VDT70.DLL) NotSafe Function Arbitrary Code Execution
[41063] Microsoft IIS ODBC Tool newdsn.exe Remote DSN Creation
[41060] Microsoft .NET Unspecified XSS Filter Bypass
[41057] Microsoft IIS w/ .NET MS-DOS Device Request Blacklist Bypass
[41053] Microsoft Visual Basic vbp File Company Name Field Processing Overflow
[41052] Microsoft Visual Basic vbp File Description Field Processing Overflow
[41048] Microsoft IE Content-Disposition HTML File Handling XSS
[41047] Microsoft IE mshtml Malformed HTML Tag DoS
[41041] Microsoft IE Mouse Click self.resizeTo DoS
[41040] Microsoft IE onclick Self Referencing Button Infinite Loop DoS
[41036] Microsoft IE DLL Search Path Subversion Local Privilege Escalation
[41035] Microsoft IE onload Localhost DoS
[41026] Microsoft IE GET Request Overflow
[41025] Microsoft IE Drag and Drop Arbitrary Program Execution
[41024] Microsoft IE Cross Zone Domain Resolution Weakness
[40882] Apple Safari on Windows Bookmark Title Overflow
[40872] Cisco VPN Client on Windows Dial-up Networking cvpnd.exe Permission Weakness Local Privilege Escalation
[40865] Symantec Backup Exec for Windows Servers (BEWS) Job Engine (bengine.exe) Crafted Packet Remote DoS
[40735] Apple Mac OS X Microsoft Office Spotlight Importer XLS Handling Memory Corruption
[40531] Microsoft Visual Basic DSR File Handling Remote Code Execution
[40434] Apple Quicktime for Windows Crafted QTL File qtnext Field Remote Command Execution
[40381] Microsoft Visual FoxPro VFP_OLE_Server ActiveX foxcommand Method Arbitrary Code Execution
[40380] Microsoft Visual FoxPro ActiveX (vfp6r.dll) DoCmd Method Arbitrary Command Execution
[40352] Microsoft Visual InterDev SLN File Long Project Line Arbitrary Code Execution
[40344] Microsoft Excel Malformed Header File Handling Remote Code Execution
[40271] phPay on Windows main.php config Parameter Traversal Local File Inclusion
[40256] Windows NT FTP Server (WFTP) Explorer LIST Command Long Reply Arbitrary Remote Code Execution
[40234] Microsoft Rich Textbox Control (RICHTX32.OCX) SaveFile Method Arbitrary File Overwrite
[40125] Motorola Timbuktu Pro for Windows Scanner Function HELLO Response Packet Remote Overflow
[40124] Motorola Timbuktu Pro for Windows Authentication Username Remote Overflow
[40123] Motorola Timbuktu Pro for Windows Application Protocol Request Unspecified Remote Overflow
[40121] Motorola Timbuktu Pro for Windows Send Request Traversal Arbitrary File Manipulation
[40119] Subversion on Windows Filename Repository Filename Traversal Arbitrary File Overwrite
[40118] TortoiseSVN on Windows Filename Traversal Arbitrary File Overwrite
[40091] VMware Multiple Products Windows Search Path Subversion Local Privilege Escalation
[39900] Microsoft Web Proxy Auto-Discovery (WPAD) Crafted DNS MitM Weakness
[39754] Trend Micro ServerProtect for Windows (SpntSvc.exe) Notification.dll NTF_SetPagerNotifyConfig Function Remote Overflow
[39753] Trend Micro ServerProtect for Windows (SpntSvc.exe) Eng50.dll Multiple Function Remote Overflow
[39752] Trend Micro ServerProtect for Windows (SpntSvc.exe) Stcommon.dll Multiple Function Remote Overflow
[39751] Trend Micro ServerProtect for Windows (SpntSvc.exe) StRpcSrv.dll Multiple Function Remote Overflow
[39750] Trend Micro ServerProtect for Windows Agent Service RPCFN_CopyAUSrc Function Remote Overflow
[39707] Toribash Server on Windows Malformed Command Remote DoS
[39562] AMD ATI atidsmxx.sys on Windows Vista Local Privilege Escalation
[39358] Ingres on Windows Persistent User Privilege Remote Privilege Escalation
[39255] Windows Vista UACE Local Privilege Escalation
[39250] X Windows (X11) Unspecified HTML Processing DoS
[39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
[39121] Microsoft IE DHTML Object Memory Corruption
[39120] Microsoft IE Element Tag Uninitialized Memory Corruption
[39119] Microsoft IE Object cloneNode / nodeValue Function Uninitialized Memory Corruption
[39118] Microsoft IE Object setExpression Function Memory Corruption
[38955] Microsoft IE history.length Variable History Disclosure
[38954] Microsoft Excel Sheet Name Unspecified Code Execution
[38953] Microsoft IE Document Variable Overwrite Same Origin Policy Bypass
[38869] Apple Safari for Windows corefoundation.dll History Error Remote DoS
[38866] Apple Safari for Windows Unspecified Memory Corruption DoS (crash #2)
[38864] Apple Safari for Windows feed:// URL DoS
[38572] Windows RSH daemon (rshd) Packet Processing Remote Overflow
[38542] Apple Safari for Windows IFRAME SRC Arbitrary Command Execution
[38541] Apple Safari for Windows Unspecified DHTML Manipulation Remote DoS
[38497] Microsoft IE Page Transaction Race Condition Arbitrary Code Execution
[38496] Microsoft Sysinternals DebugView Dbgv.sys Local Privilege Escalation
[38495] Microsoft IE Outlook Express Address Book Activex DoS
[38493] Microsoft IE HTML Popup Window (mshtml.dll) DoS
[38488] Microsoft ISA Server File Extension Filter Bypass
[38487] Microsoft Visual FoxPro ActiveX (FPOLE.OCX) FoxDoCmd Function Arbitrary Command Execution
[38486] Microsoft Expression Media IVC File Cleartext Catalog Password Disclosure
[38471] Microsoft Office MSODataSourceControl ActiveX DeleteRecordSourceIfUnused Method Overflow
[38399] Microsoft SQL Server Enterprise Manager Distributed Management Objects OLE DLL ActiveX (sqldmo.dll) Start Method Arbitrary Code Execution
[38212] Microsoft IE document.open() Function Address Bar Spoofing
[38211] Microsoft IE with Netscape navigatorurl URI Cross-browser Command Execution
[38018] Microsoft IE with Mozilla SeaMonkey Cross-browser Command Execution
[38017] Microsoft IE with Mozilla Firefox Cross-browser Command Execution
[37992] Atheros 802.11 Wireless Driver on Windows Management Frame Handling DoS
[37817] Windows NT Message Compiler MC-filename Local Overflow
[37764] Sun Java JDK / JRE on Windows Untrusted Application Arbitrary File Access
[37638] Microsoft IE res:// URI Image Object Local File Enumeration
[37636] Microsoft IE Crafted JavaScript for Loop Null Pointer DoS
[37634] Microsoft Word Crafted Document Unspecified Resource Consumption DoS
[37633] Microsoft Word wwlib.dll Crafted Document Overflow DoS
[37632] Microsoft Word Unspecified Memory Corruption
[37630] Microsoft SharePoint PATH_INFO (query string) XSS
[37626] Microsoft IE Unspecified Address Bar Spoofing
[37625] Microsoft IE File Download Queue Handling Use-After-Free Arbitrary Code Execution
[37590] WIDCOMM Bluetooth for Windows (BTW) Traversal Arbitrary File Manipulation
[37589] WIDCOMM Bluetooth for Windows (BTW) Remote Communication Interception (CarWhisperer)
[37383] ZoneAlarm Pro Windows API Function Identifier Manipulation Local Policy Bypass
[37375] Comodo Firewall Pro Windows API Function Identifier Manipulation Local Policy Bypass
[37250] Sun Java System (SJS) Application Server on Windows Unspecified JSP Source Disclosure
[37148] Microsoft TSAC ActiveX connect.asp Unknown XSS
[37107] Microsoft Visual Studio VB To VSI Support Library ActiveX (VBTOVSI.DLL) SaveAs Method Arbitrary File Manipulation
[37106] Microsoft Visual Studio ActiveX (PDWizard.ocx) Multiple Method Arbitrary Program Execution
[37011] Nessus Windows GUI Unspecified XSS
[36936] Microsoft Visual Basic VBP File Handling Overflow
[36934] Microsoft Agent URL Handling Remote Code Execution
[36605] Apple Safari windows.setTimeout Function XSS
[36524] Credant Mobile Guardian Shield for Windows Cleartext Credential Disclosure
[36400] Microsoft IE HTML FTP Credential Disclosure
[36399] Microsoft DirectX Media SDK DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX SourceUrl Property Overflow
[36398] Microsoft IE FTP Unspecified Remote Memory Address Disclosure
[36397] Microsoft IE Crafted CSS Unspecified Memory Corruption
[36396] Microsoft IE ActiveX tblinf32.dll Unspecified Arbitrary Code Execution
[36395] Microsoft IE ActiveX (pdwizard.ocx) Unspecified Memory Corruption
[36394] Microsoft XML Core Services (MSXML) Multiple Object Handling Overflow
[36389] Microsoft Virtual PC Guest Administrator Unspecified Local Privilege Escalation
[36383] Microsoft Excel Workspace rtWnDesk Record Memory Corruption
[36151] Microsoft DirectX RLE Compressed Targa Image Processing Overflow
[36147] Microsoft IE Zone Domain Specification DoS
[36142] Microsoft IE IDN Site Basic Authentication Status Bar Truncation Spoofing
[36111] Symantec Backup Exec for Windows RPC Crafted ncacn_ip_tcp Request Remote Overflow
[36105] Symantec LiveState for Windows shstart.exe Local Privilege Escalation
[36089] PHP COM Extensions on Windows WScript.Shell COM Object safe_mode Bypass
[36062] Mozilla Firefox on Windows Encoded IP Phishing Protection Bypass
[36059] Caucho Resin on Windows Crafted MS-DOS Request DoS
[36058] Caucho Resin on Windows \web-inf Traversal Arbitrary File Access
[36057] Caucho Resin on Windows Encoded Space (%20) Request Path Disclosure
[36041] Fullaspsite Asp Hosting Sitesi windows.asp kategori_id Variable
[36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
[35959] Microsoft Excel Viewer WorkBook Workspace Designation Memory Corruption
[35958] Microsoft Excel Multiple Worksheet Unspecified Memory Corruption
[35957] Microsoft Excel Version Information Validation Crafted File Arbitrary Code Execution
[35956] Microsoft .NET Framework Just In Time (JIT) Compiler Service Unspecified Arbitrary Code Execution
[35955] Microsoft .NET Framework NULL Byte URL Arbitrary File Access
[35954] Microsoft .NET Framework PE Loader Service Unspecified Arbitrary Code Execution
[35953] Microsoft Office Publisher .pub Page Data Handling Arbitrary Code Execution
[35950] Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
[35922] Mozilla Firefox on Windows resource:// %5C Encoded Traversal Arbitrary File Access
[35763] Microsoft PowerPoint Unspecified Arbitrary Code Execution
[35568] Microsoft IE Script Variable Length DoS
[35517] Mbedthis AppWeb on Windows Mixed Case URL Unspecified Bypass
[35353] Microsoft IE Speech API 4 Xlisten.dll / Xvoice.dll Memory Corruption
[35352] Microsoft IE navcancl.htm res: URI Phishing
[35351] Microsoft IE Unspecified Memory Corruption Arbitrary Code Execution
[35350] Microsoft IE Multiple Language Pack Installation Race Condition Code Execution
[35349] Microsoft IE Crafted CSS Tag Handling Memory Corruption
[35348] Microsoft IE Urlmon.dll COM Object Instantiation Memory Corruption
[35343] Microsoft Visio Document Handling Crafted Packed Object Arbitrary Code Execution
[35342] Microsoft Visio Document Handling Crafted Version Number Arbitrary Code Execution
[35269] Microsoft ASP .NET Framework Comment Enclosure Handling Request Weakness
[34963] Microsoft IE CCRP BrowseDialog Server (ccrpbds6.dll) ActiveX Multiple Property DoS
[34959] Microsoft Xbox 360 Hypervisor Syscall Bypass Arbitrary Code Access
[34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
[34830] Microsoft Outlook Recipient ActiveX (ole32.dll) Crafted HTML DoS
[34489] Microsoft Office 2003 Malformed WMF File Handling DoS
[34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
[34407] Adobe Acrobat Reader Plugin for Microsoft IE Microsoft.XMLHTTP ActiveX CLRF Injection
[34404] Microsoft IE Media Service Component Arbitrary File Rewrite
[34403] Microsoft IE HTML CMarkup Objects Unspecified Memory Corruption
[34402] Microsoft IE HTML Objects Unspecified Memory Corruption
[34401] Microsoft IE Property Method Handling Memory Corruption
[34400] Microsoft IE Uninitialized Object Memory Corruption
[34399] Microsoft IE COM Object Instantiation Memory Corruption (931768)
[34397] Microsoft CAPICOM CAPICOM.Certificates ActiveX (CAPICOM.dll) Remote Code Execution
[34396] Microsoft Office Crafted Drawing Object Arbitrary Code Execution
[34395] Microsoft Excel Filter Record Handling Remote Code Execution
[34394] Microsoft Office Excel Set Font Handling Remote Code Execution
[34393] Microsoft Excel BIFF Record Named Graph Record Parsing Overflow
[34392] Microsoft Exchange Server IMAP Literal Processing DoS
[34391] Microsoft Exchange Server MIME Decoding Remote Code Execution
[34390] Microsoft Exchange Server MODPROPS Malformed iCal DoS
[34389] Microsoft Exchange Outlook Web Access (OWA) Attachment Script Injection
[34388] Microsoft Word RTF Rich Text Properties Parsing Remote Code Execution
[34387] Microsoft Word Data Array Handling Remote Code Execution
[34386] Microsoft Word Malformed Drawing Object Arbitrary Code Execution
[34385] Microsoft Word Macro Content Arbitrary Code Execution
[34082] Plesk for Windows login_up.php3 locale_id Parameter Traversal Arbitrary File Access
[34081] Plesk for Windows login.php3 locale_id Parameter Traversal Arbitrary File Access
[34077] Microsoft IE navcancl.htm res: URI XSS
[34007] Microsoft Content Management Server (CMS) Unspecified XSS
[34006] Microsoft Content Management Server (CMS) Crafted HTTP Request Memory Corruption
[33639] Microsoft Class Package Export Tool (clspack.exe) Long String Overflow
[33638] Microsoft ISA Server IPv6 Filter Rule Bypass
[33629] Microsoft IE Animated Cursor (.ani) Handling Arbitrary Command Execution
[33627] Microsoft Vista Speech Recognition Web Page Arbitrary Command Execution
[33626] Microsoft Visual C++ MSVCR80.DLL Time Functions Assertion Error
[33457] Microsoft IIS Crafted TCP Connection Range Header DoS
[33398] Windows XP msgina.dll Local Overflow
[33271] Microsoft Word Crafted Frame CSRF
[33270] Microsoft Word Unspecified Memory Corruption Arbitrary Code Execution
[33196] Microsoft Word Unspecified Memory Corruption Arbitrary Code Execution (934232)
[32697] Flip4Mac Windows Media Components WMV Parsing Memory Corruption
[32630] Microsoft IE Key Press Event Focus Redirection
[32627] Microsoft IE msxml3 Module Nested Tag Race Condition DoS
[32626] Microsoft IE Crafted res:// Forced 404 Page Reporting
[32625] Microsoft IE res://ieframe.dll/invalidcert.htm Site Security Certificate Discrediting
[32624] Microsoft IE mhtml Overflow DoS
[32119] Microsoft IE Cross Domain Charset Inheritance Weakness
[32087] Microsoft IE onunload Event Address Bar Spoofing
[31901] Microsoft Office Unspecified String Handling Arbitrary Code Execution
[31900] Microsoft Word Unspecified Memory Corruption Arbitrary Code Execution (929434)
[31899] Microsoft Help Workshop HPJ File OPTIONS Section Overflow
[31898] Microsoft Help Workshop Crafted .cnt File Handling Overflow
[31896] Microsoft Project Server pdsrequest.asp GetInitializationData Request SQL Database Password Disclosure
[31895] Microsoft IE Blnmgrps.dll COM Object Instantiation Memory Corruption
[31894] Microsoft IE Htmlmm.ocx COM Object Instantiation Memory Corruption
[31893] Microsoft IE Msb1fren.dll COM Object Instantiation Memory Corruption
[31892] Microsoft IE FTP Server Response Parsing Memory Corruption
[31891] Microsoft IE Imjpcksid.dll COM Object Instantiation Memory Corruption
[31888] Microsoft Malware Protection Engine PDF File Parsing Remote Code Execution
[31887] Microsoft MFC Component RTF OLE Object Memory Corruption Remote Code Execution
[31886] Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution
[31883] Microsoft Step-by-Step Interactive Training Bookmark Handling Remote Code Execution
[31882] Microsoft MDAC ADODB.Connection ActiveX Control Execute Method Remote Code Execution
[31805] XEROX WorkCentre Products Web User Interface Microsoft Networking Configuration Command Injection
[31799] Windows Firewall ADS Application Alert Failure
[31779] Windows Firewall .exe Incorrect Application Block Alerts
[31647] Microsoft IE Javascript IsComponentInstalled Overflow
[31607] Microsoft Visual Studio 1 TYPELIB MOVEABLE PURE .rc File Name Overflow
[31345] Mozilla Multiple Products on Windows CSS Cursor Image Overflow
[31333] Microsoft IE Image File Embedded Content XSS
[31332] Microsoft IE Scrollbar CSS Property DoS
[31331] Microsoft IE mailto: Handler Arbitrary Command-Line Argument Modification
[31330] Microsoft IE File:// URI src Tag IFrame DoS
[31329] Microsoft IE DNS Pinning Intranet Server Arbitrary Javascript Execution
[31328] Microsoft IE UTF-7 Encoded HTTP 404 Error Message XSS
[31326] Microsoft IE HTML Table Tag style Attribute DoS
[31325] Microsoft IE HTML Frame Tag Invalid src Attribute DoS
[31324] Microsoft IE DirectAnimation ActiveX Multiple Unspecified
[31323] Microsoft IE DIV Tag and HTML CSS Float Properties Arbitrary Code Execution
[31322] Microsoft IE SSL Certificate Chain Validation MiTM Weakness
[31321] Microsoft IE Javascript self.location Refresh DoS
[31258] Microsoft Excel Palette Record Handling Overflow
[31257] Microsoft Excel Column Record Heap Corruption Remote Code Execution
[31256] Microsoft Excel Malformed String Handling Remote Code Execution
[31255] Microsoft Excel IMDATA Record Handling Remote Code Execution
[31254] Microsoft Outlook Advanced Find .oss File Handling Remote Code Execution
[31253] Microsoft Outlook E-mail Header Processing Unspecified DoS
[31252] Microsoft Outlook VEVENT Record Handling Remote Code Execution
[31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
[31250] Microsoft IE Vector Markup Language (VML) Remote Overflow
[31249] Microsoft Excel Malformed Record Memory Access Code Execution
[31243] Windows NT FTP Server (WFTP) Pro Server APPE Command Overflow
[30834] Microsoft IE URLMON.DLL Long URL HTTP Redirect Overflow
[30826] Microsoft Visual Basic Click Event Procedure Overflow
[30825] Microsoft Word Malformed Data Structure Handling Memory Corruption
[30824] Microsoft Word Malformed String Memory Corruption
[30822] Microsoft IE A Tag Long Title Attribute DoS
[30820] Microsoft Word mso.dll / mso9.dll LsCreateLine Function DoS
[30816] Microsoft IE TIF Folder Cached Content Information Disclosure
[30815] Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure
[30814] Microsoft IE DHTML Script Function Memory Corruption
[30813] Microsoft IE Script Error Handling Memory Corruption
[30402] Microsoft w3wp Crafted COM Component Request DoS
[30208] Microsoft XMLHTTP ActiveX Control setRequestHeader Method Arbitrary Code Execution
[30155] Microsoft Visual Studio WMI Object Broker ActiveX (WmiScriptUtils.dll) Unspecified Code Execution
[30087] Microsoft IE Empty APPLET Tag DoS
[30022] Microsoft IE Non-breaking Spaces Popup Address Bar Spoofing
[29724] Microsoft Hyperlink Object Library (hlink.dll) Crafted Hyperlink Arbitrary Code Execution
[29720] Microsoft PowerPoint Unspecified Code Execution
[29525] Microsoft IE dxtmsft3.dll Multiple ActiveX COM Object DoS
[29524] Microsoft IE dxtmsft.dll Multiple ActiveX COM Object DoS
[29514] AK-Systems Windows Terminal VNC Server Default Null Password
[29512] Windows NT FTP Server (WFTP) Multiple Command Remote Overflow
[29501] Microsoft Visual Studio Multiple ActiveX COM Object Remote Memory Corruption
[29448] Microsoft PowerPoint Crafted File Unspecified Code Execution
[29447] Microsoft PowerPoint Crafted PPT Data Record Code Execution
[29446] Microsoft PowerPoint Crafted PPT Object Pointer Code Execution
[29445] Microsoft Excel Crafted XLS COLINFO Record Arbitrary Code Execution
[29444] Microsoft Excel Crafted Lotus 1-2-3 File Arbitrary Code Execution
[29443] Microsoft Excel Crafted XLS DATETIME Record Arbitrary Code Execution
[29442] Microsoft Word for Mac Crafted String Unspecified Code Execution
[29441] Microsoft Word Crafted Mail Merge File Arbitrary Code Execution
[29440] Microsoft Word memmove Integer Overflow
[29431] Microsoft .NET Framework AutoPostBack Property Unspecified XSS
[29430] Microsoft Office Malformed Smart Tag Arbitrary Code Execution
[29429] Microsoft Office mso.dll Malformed Record Handling Arbitrary Code Execution
[29428] Microsoft Office Malformed Chart Record Unspecified Arbitrary Code Execution
[29427] Microsoft Office Crafted String Unspecified Arbitrary Code Execution
[29426] Microsoft XML Core Services XSLT Processing Overflow
[29425] Microsoft XML Core Services XMLHTTP ActiveX Control Server-side Redirect Information Disclosure
[29412] Microsoft Terminal Server Explorer Error Arbitrary Code Execution
[29347] Microsoft IE msoe.dll COM Object Instantiation Code Execution
[29346] Microsoft IE chtskdic.dll COM Object Instantiation Code Execution
[29345] Microsoft IE imskdic.dll COM Object Instantiation Code Execution
[29259] Microsoft PowerPoint PPT Unspecified Arbitrary Code Execution
[29143] Microsoft PowerPoint PPT Malformed BIFF File Arbitrary Command Execution
[29129] Microsoft IE wininet.dll Content-Type DoS
[28946] Microsoft IE Vector Markup Language (VML) Arbitrary Code Execution
[28842] Microsoft IE daxctle.ocx KeyFrame() Method Overflow
[28841] Microsoft IE daxctle.ocx Spline Function Call Overflow
[28730] Microsoft Publisher PUB File Font Parsing Overflow
[28726] Microsoft Works Malformed Lotus 1-2-3 Spreadsheet DoS
[28725] Microsoft Works Malformed Excel Spreadsheet DoS
[28724] Microsoft Works Malformed Excel Spreadsheet Overflow
[28723] Microsoft Works Malformed Works Spreadsheet DoS
[28627] Microsoft IE VBScript and Javascript Infinite Loop Stack Overflow
[28614] Microsoft IE input/div Tag width Conflict DoS
[28539] Microsoft Word 2000 Unspecified Code Execution
[28538] Microsoft Excel Cell Comment Rebuild Arbitrary Code Execution
[28537] Microsoft Excel Crafted SELECTION Record Arbitrary Code Execution
[28536] Microsoft Excel SELECTION Record Memory Corruption Arbitrary Code Execution
[28535] Microsoft Excel Crafted COLINFO Record Arbitrary Code Execution
[28534] Microsoft Excel Crafted LABEL Record Arbitrary Code Execution
[28533] Microsoft Excel Crafted FNGROUPCOUNT Value Arbitrary Code Execution
[28532] Microsoft Excel Crafted BIFF Record Array Index Arbitrary Code Execution
[28381] Microsoft IE ActiveX SaveFile Handling DoS
[28376] Microsoft IE US-ASCII Character Set Filter Bypass XSS
[28260] Microsoft IIS FrontPage Server Extensions (FPSE) shtml.exe Path Disclosure
[28134] Windows NT FTP Server (WFTP) Server SIZE Command Remote Overflow
[28132] Microsoft IE HTTP 1.1 URL Parsing Overflow
[27922] Microsoft Virtual DOS Machine (VDM) Local Memory Disclosure
[27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
[27855] Microsoft IE document.getElementByID Crafted CSS Arbitrary Code Execution
[27854] Microsoft IE Chained CSS Imports Memory Corruption
[27853] Microsoft IE HTML Rendering Memory Corruption
[27852] Microsoft IE Uninitialized COM Object Memory Corruption
[27851] Microsoft IE Redirect Handling Cross-Domain Privilege Escalation
[27850] Microsoft IE Cross Site Window Location Information Disclosure
[27849] Microsoft Visual Basic Unspecified Document Handling Overflow
[27842] Microsoft Management Console (MMC) HTML-embedded Resource XSS Arbitrary Command Execution
[27685] IBM Informix Dynamic Server on Windows username Overflow
[27533] Microsoft IE Orphan Object Property Access NULL Dereference
[27532] Microsoft IE ADODB.Recordset SysFreeString Invalid Length
[27530] Microsoft IE NDFXArtEffects Multiple Property Overflow
[27507] Microsoft Excel Embedded Shockwave Flash Object Arbitrary Javascript Execution
[27475] Microsoft IE Nested Objects Exception Handler Unspecified Memory Corruption
[27373] Microsoft IE Native Function Iteration NULL Dereference
[27372] Microsoft IE Forms Multiple Object ListWidth Property Overflow
[27327] Microsoft PowerPoint PPT File Closure Memory Corruption
[27326] Microsoft PowerPoint powerpnt.exe Unspecified Issue
[27325] Microsoft PowerPoint mso.dll PPT Processing Unspecified Code Execution
[27324] Microsoft PowerPoint mso.dll PPT Processing Arbitrary Code Execution
[27232] Microsoft IE NMSA.ASFSourceMediaDescription dispValue Overflow
[27231] Microsoft IE HTML Help COM Object Click Method NULL Dereference
[27230] Microsoft IE CEnroll SysAllocStringLen Invalid Length
[27153] Microsoft .NET Framework Crafted Request Access Restriction Bypass
[27150] Microsoft Office MSO.DLL String Processing Overflow
[27149] Microsoft Office Malformed Property Overflow Arbitrary Code Execution
[27148] Microsoft Office File Processing Malformed String Arbitrary Code Execution
[27147] Microsoft Office PNG Processing Unspecified Code Execution
[27146] Microsoft Office GIFIMP32.FLT GIF Parsing Overflow
[27112] Microsoft IE OVCtl NewDefaultItem Method NULL Dereference
[27111] Microsoft IE OWC11.DataSourceControl getDataMemberName Method Overflow
[27110] Microsoft IE WebViewFolderIcon setSlice Overflow
[27109] Microsoft IE DXImageTransform.Microsoft.Gradient Multiple Property Overflow
[27108] Microsoft IE MHTMLFile Multiple Property NULL Dereference
[27087] Microsoft IIS SMTP Encapsulated SMTP Address Open Relay
[27059] Microsoft IE FolderItem Object NULL Dereference
[27057] Microsoft IE DXImageTransform.Microsoft.RevealTrans Transition Property NULL Dereference
[27056] Microsoft IE TriEditDocument URL Property NULL Dereference
[27055] Microsoft IE HtmlDlgSafeHelper fonts Property NULL Dereference
[27053] Microsoft Excel Asian Language Style Option Overflow
[27014] Microsoft IE Object.Microsoft.DXTFilter Enabled Property NULL Dereference
[27013] Microsoft IE DirectAnimation.DAUserData Data Property NULL Dereference
[26957] Microsoft IE File Share Traversal Arbitrary HTA Execution
[26956] Microsoft IE object.documentElement.outerHTML Cross-site Information Disclosure
[26955] Microsoft IE RDS.DataControl SysAllocStringLen Invalid Length Issue
[26921] Novell GroupWise Windows Client Arbitrary Email Access
[26839] Microsoft IE DirectAnimation.StructuredGraphicsControl SourceURL NULL Dereference
[26837] Microsoft IE Frameset inside Table NULL Dereference
[26836] Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference
[26835] Microsoft IE HTML Help COM Object Image Property Heap Overflow
[26834] Microsoft IE ADODB.Recordset COM Object Filter Property NULL Dereference
[26771] Webmin on Windows Crafted Backslash Request Traversal Arbitrary File Access
[26686] Toshiba Bluetooth Stack for Windows TOSRFBD.SYS Remote Overflow DoS
[26666] Microsoft Hyperlink Object Library hlink.dll Link Processing Overflow
[26536] Adobe Reader for Windows Multiple Unspecified Issues
[26527] Microsoft Excel Malformed URL String Handling Overflow
[26446] Microsoft IE Multipart HTML File Save Memory Corruption
[26445] Microsoft IE Modal Browser Window Address Bar Spoofing
[26444] Microsoft IE DXImageTransform.Microsoft.Light ActiveX Arbitrary Code Execution
[26443] Microsoft IE UTF-8 Encoded HTML Overflow
[26442] Microsoft IE Wmm2fxa.dll DXImageTransform COM Object Memory Corruption
[26441] Microsoft Exchange Server Outlook Web Access HTML Parsing Unspecified XSS
[26435] Microsoft PowerPoint Malformed Record Arbitrary Code Execution
[26434] Microsoft JScript Object Release Memory Corruption
[26193] Microsoft NetMeeting Unspecified Remote DoS
[26175] Microsoft Jet SQL Command Overflow NULL Dereference DoS
[25635] Microsoft Word Unspecified Code Execution
[25429] Novell Client for Windows DPRPC library (DPRPCW32.DLL) ndps_xdr_array Function Remote Overflow
[25400] IBM WebSphere Application Server (WAS) on Windows Registry Cleartext Credential Disclosure
[25338] Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution
[25073] Microsoft IE mhtml: Redirection Domain Restriction Bypass
[25003] Microsoft Office mailto: Arbitrary File Access
[24966] Microsoft IE object Tag Memory Corruption Arbitrary Code Execution
[24918] Ethereal NetXray/Windows Sniffer File Code Overflow
[24595] Microsoft Office Malformed BIFF Record Multiple File Format Processing DoS
[24547] Microsoft IE HTML Parsing Unspecified Remote Code Execution
[24546] Microsoft IE COM Object Instantiation Remote Code Execution
[24545] Microsoft IE HTML Element Crafted Tag Arbitrary Code Execution
[24544] Microsoft IE IOleClientSite Dynamic Object Script Execution
[24543] Microsoft IE Navigation Method Cross-Domain Information Disclosure
[24542] Microsoft IE Unspecified Address Bar Spoofing
[24541] Microsoft IE Double Byte Character Set (DBCS) Parsing Overflow
[24518] Microsoft FrontPage Server Extensions fpadmdll.dll Multiple Parameter XSS
[24517] Microsoft Data Access Components RDS.Dataspace ActiveX Remote Code Execution
[24490] Microsoft IE w/ Sun Java VM INPUT Focus DoS
[24465] Microsoft IE Window Loading Race Condition Address Bar Spoofing
[24318] Microsoft Fingerprint Reader Cleartext Credential Transmission
[24208] Microsoft .NET Framework ILDASM Overflow
[24207] Microsoft .NET Framework ILASM .il File Processing Overflow
[24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
[24095] Microsoft IE Arbitrary HTA File Execution
[24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
[24050] Microsoft IE createTextRange() Function Arbitrary Code Execution
[23964] Microsoft IE mshtml.dll Multiple Script Action Handler Overflow
[23903] Microsoft Office Crafted Routing Slip Arbitrary Code Execution
[23902] Microsoft Office Excel Malformed Record Arbitrary Code Execution
[23901] Microsoft Office Excel Malformed Graphic Arbitrary Code Execution
[23900] Microsoft Office Excel Malformed Description Arbitrary Code Execution
[23899] Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution
[23711] Microsoft Visual Studio .dbp File DataProject Field Buffer Overflow
[23657] Microsoft IE ActiveX Killbit Setting Bypass
[23609] Microsoft IE Crafted Elements Status Bar URL Spoofing
[23608] Microsoft IE Iframe Folder Delete Weakness
[23591] Microsoft Office Spreadsheet Component SaveAs Capability Arbitrary File Creation
[23590] Microsoft IIS Traversal Arbitrary FPSE File Access
[23588] Microsoft IE Self-referenced OBJECT Directive DoS
[23572] M4 Project enigma-suite Windows Client Default Account
[23569] HP System Management Homepage (SMH) on Windows Unspecified Traversal Arbitrary File Access
[23542] lighttpd on Windows Crafted Filename Request Script Source Disclosure
[23490] Microsoft IE Scripting Engine Thread Stack Exhaustion DoS
[23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
[23307] Microsoft IE window.status Memory Leak DoS
[23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
[23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
[23228] Microsoft Outlook Web Access .INC File Direct Request Source Disclosure
[23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
[23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
[23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
[23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
[23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
[23135] Microsoft PowerPoint Temporary Internet Files Information Disclosure
[22977] Microsoft IE jscript.dll document.write() NULL Pointer DoS
[22976] Microsoft IE Crafted WMF Header Size Arbitrary Code Execution
[22948] Microsoft IE urlmon.dll BGSOUND Tag file Attribute Overflow DoS
[22941] Microsoft HTML Help Workshop .hhp Parsing Overflow
[22834] Microsoft Log Sink Class pkmcore.dll ActiveX Arbitrary File Manipulation
[22824] Microsoft Excel xls Processing Malformed Page Size Name Null Dereference
[22823] Microsoft Excel xls Processing Malformed Graphic Pointer NULL Pointer Dereference
[22649] ELOG on Windows Entry Resubmission Overflow
[22364] WinRAR for Windows Archive Filename Overflow
[22356] Microsoft IE Unspecified NULL Dereference DoS (#2)
[22355] Microsoft IE Unspecified NULL Dereference DoS (#1)
[22354] Microsoft IE Malformed table datasrc Tag DoS
[22351] Microsoft IE Modal Security Dialog Race Condition
[22332] Microsoft Visual Studio UserControl Load Event Code Execution
[22305] Microsoft Outlook/Exchange TNEF Decoding Arbitrary Code Execution
[21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
[21805] Microsoft IIS Crafted URL Remote DoS
[21763] Microsoft IE Embedded CLSID COM Object Arbitrary Code Execution
[21762] Microsoft IE HTTPS Proxy Basic Authentication URL Cleartext Transmission
[21761] Microsoft IE Keyboard Shortcut Processing Weakness
[21760] Microsoft IE Suppressed Download Dialog Window Manipulation Weakness
[21568] Microsoft Excel xls Processing msvcrt.memmove() Function Malformed Range Overflow
[21562] Microsoft IE CSS Crafted p Element DoS
[21537] Microsoft IIS Log File Permission Weakness Remote Modification
[21532] Microsoft IE CSS @import Directive Cross Domain Information Disclosure
[20886] Microsoft IE Unspecified Margin/Padding NULL Pointer Dereference DoS
[20874] Microsoft IE clipboardData Object getData Method Content Disclosure
[20500] Microsoft IE Restricted Zone Site Addition URI DoS
[20464] GO-Global for Windows _USERSA_ Remote Overflow
[20376] Microsoft IE with JRE mshtmled.dll Malformed frameset Tag DoS
[20308] Skype for Windows Crafted VCARD Handling Overflow
[20307] Skype for Windows Crafted callto/skype URL Overflow
[20271] Microsoft IE settimeout Function Recursion DoS
[20248] Microsoft IE Embedded Content Processing XSS
[20241] Microsoft ISA Server Fragmented UDP Saturation DoS
[20207] Microsoft IE Alphanumeric Password Character Recognition Issue
[20199] Microsoft IE Image Saturation Handling DoS
[20146] Microsoft IE PerfectNav Plugin Malformed URL DoS
[20106] BEA WebLogic on Windows Registry Cleartext Password Disclosure
[19905] Microsoft Collaboration Data Objects Remote Overflow
[19876] Microsoft AntiSpyware Registry Extension Bypass
[19806] Microsoft IE Crafted Double Backslash shell: URI DoS
[19798] Microsoft IE for Mac Malformed BGSOUND Tag DoS
[19796] Microsoft IE Malformed IFRAME File Source DoS
[19662] Microsoft IE XMLHTTP HTTP Request Injection
[19267] WRQ Reflection for Secure IT Windows Server Mixed Case Ruleset Bypass
[19266] WRQ Reflection for Secure IT Windows Server Default Account Persistence
[19265] WRQ Reflection for Secure IT Windows Server Host Private Key File Permission Weakness
[19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
[19209] Rediff Bol Fetch.FetchContact.1 ActiveX Windows Address Book Disclosure
[19093] Microsoft Design Tools msdds.dll COM Object Arbitrary Code Execution
[19089] Microsoft IE Unspecified Remote Code Execution
[19029] Microsoft IE Meta Refresh Parsing Weakness
[19024] Microsoft IE Automatic MIME Detection Weakness
[18926] Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
[18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
[18822] Microsoft DirectX DirectShow QUARTZ.DLL AVI Processing Overflow
[18703] Novell eDirectory iMonitor on Windows dhost.exe Unspecified Remote Overflow
[18612] Microsoft IE Multiple COM Object Embedded CLSID Arbitrary Remote Code Execution
[18611] Microsoft IE Web Folder Cross-Domain Code Execution
[18610] Microsoft IE JPEG Rendering Memory Corruption Arbitrary Code Execution
[18587] Gaim for Windows accounts.xml Cleartext Password Local Disclosure
[18510] Microsoft IE AJAX Crafted Content-type Header DoS
[18501] CA BrightStor ARCserve Backup Agent for Windows Long String Overflow
[18484] Mozilla Firefox with Microsoft Office Shared Section Permission Weakness Information Disclosure
[18461] Microsoft ActiveSync Client/Server Partnership ID Spoofing
[18460] Microsoft ActiveSync Authentication Transmission Cleartext Disclosure
[18459] Microsoft ActiveSync Sync Request Saturation DoS
[18458] Microsoft ActiveSync Device Response Equipment ID Enumeration
[18243] Microsoft Outlook MS-DOS Device Name Attachment DoS
[18241] Microsoft Outlook Express begin Keyword Message Handling DoS
[18173] MySQL on Windows USE Command MS-DOS Device Name DoS
[18152] Microsoft IE Image File Handling Remote DoS
[17944] Windows XP OEM Backdoor Administrator Account
[17893] Microsoft ASP.NET RPC/encoded Mode Malformed SOAP Message DoS
[17829] Microsoft Office .doc Font Parsing Overflow
[17707] Microsoft Front Page Malformed HTML Edit DoS
[17680] Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution
[17671] Microsoft Site Server viewcode.asp Information Disclosure
[17670] Microsoft Site Server Multiple Sample Sites SQL Injection
[17669] Microsoft Site Server cphost.dll Arbitrary Code Execution
[17668] Microsoft Site Server cphost.dll Malformed File Upload Disk Consumption DoS
[17667] Microsoft Site Server LDAP_Anonymous Account Cleartext Password Disclosure
[17666] Microsoft Site Server formslogin.asp url Parameter XSS
[17665] Microsoft Site Server Default.asp XSS
[17664] Microsoft Site Server remind.asp Information Disclosure
[17663] Microsoft Site Server auoconfig.asp Information Disclosure
[17662] Microsoft Site Server VsPrAuoEd.asp Information Disclosure
[17661] Microsoft Site Server VsLsLpRd.asp Information Disclosure
[17660] Microsoft Site Server VsTmPr.asp Information Disclosure
[17659] Microsoft Site Server vs.asp Information Disclosure
[17658] Microsoft Site Server default.asp Information Disclosure
[17657] Microsoft Site Server UserManager.asp Arbitrary LDAP Modification
[17656] Microsoft Site Server GroupManager.asp Arbitrary LDAP Modification
[17655] Microsoft Site Server DSN.asp Information Disclosure
[17654] Microsoft Site Server driver.asp Information Disclosure
[17653] Microsoft Site Server domain.asp Information Disclosure
[17652] Microsoft Site Server findserver.asp Information Disclosure
[17624] VERITAS Backup Exec Remote Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow
[17622] VERITAS Backup Exec for Windows Admin Plus Pack Option Remote Overflow
[17389] Microsoft Outlook Crafted E-mail Subject Arbitrary System File Creation
[17342] Microsoft ISA Server Basic Credentials Exposure
[17334] Microsoft IE Script Code Obfuscation (Ghost)
[17314] Microsoft IE XML Redirect Information Disclosure
[17313] Microsoft IE PNG Image Processing Arbitrary Code Execution
[17312] Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation
[17311] Microsoft ISA Server Cache Poisoning Restriction Bypass
[17310] Microsoft Agent Trusted Internet Content Spoofing (fireclicking)
[17307] Microsoft Exchange Outlook Web Access HTML Email XSS
[17306] Microsoft Outlook Express NNTP LIST Command Remote Overflow
[17218] Microsoft IE Stack Overflow Saturation DoS
[17217] Microsoft IE Embedded File Recursion DoS
[17176] Microsoft IE msxml3.dll Malformed Ref href Link DoS
[17159] Microsoft IE Malformed FTP URL DoS
[17158] Microsoft IE Crafted BMP Size Setting DoS
[17124] Microsoft IIS Malformed WebDAV Request DoS
[17123] Microsoft IIS Multiple Unspecified Admin Pages XSS
[17122] Microsoft IIS Permission Weakness .COM File Upload
[17094] Microsoft IE window() Function Arbitrary Code Execution
[17088] Microsoft AntiSpyware gsasDtServ.exe Path Subversion Privilege Escalation
[17045] SunOS Openwindows psh xnews Privilege Escalation
[17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
[16895] IRIX ftpd Unspecified Windows Link DoS
[16827] Microsoft WGA Multiple Method Validation Bypass
[16814] Microsoft Word mcw File Processing Overflow
[16813] Microsoft ASP.NET FileStream Method Nonexistent File Request Path Disclosure
[16729] avast! Anti-Virus on Windows NT Unspecified Scanner Bypass
[16342] Microsoft IE Cross Site Mouse Click Disclosure
[16196] Microsoft ASP.NET __VIEWSTATE Functionality Replay Attack
[16195] Microsoft ASP.NET __VIEWSTATE Functionality Nested Request DoS
[16024] AbsoluteTelnet Windows Title Remote Overflow
[15979] OpenWindows Mailtool Malformed Mail Attachment DoS
[15879] APG Classmaster Workstation Windows SMB Share Access Restriction Bypass
[15757] Microsoft SQL Server sa Account Default Null Password
[15749] Microsoft IIS / Site Server code.asp Arbitrary File Access
[15480] Microsoft Outlook From Header Comma Parsing Failure
[15479] Microsoft XP SP1 explorer.exe Malformed GIF Processing DoS
[15470] Microsoft Word Unspecified Overflow
[15467] Microsoft Exchange Server SMTP Extended Verb X-LINK2STATE Remote Overflow
[15466] Microsoft IE Content Advisor Overflow
[15465] Microsoft IE DHTML Object Memory Corruption Code Execution
[15464] Microsoft IE wininet.dll Long Hostname Heap Corruption Code Execution
[15342] Microsoft IIS Persistent FTP Banner Information Disclosure
[15329] Microsoft IE Malformed RSA Public Key SSL Detection Failure
[15224] Microsoft IE External Caching Security Failure Arbitrary File Access
[15223] Microsoft IE XHTML Formatted Comment User Confirmation Bypass
[15222] Microsoft IE imagetoolbar Functionality Disable Pop Up Dereference DoS
[15221] Microsoft IE Drag and Drop Zone Security Preference Bypass
[15220] Microsoft IE showHelp() Function Cross Domain Code Execution
[15219] Microsoft IE XML Object Arbitrary File Access
[15218] Microsoft IE showHelp() Function Double Backslash Arbitrary .chm Execution
[15217] Microsoft IE input Tag Rendering DoS
[15216] Microsoft IE Dialog Box Cross Domain Arbitrary Program Execution
[15187] Microsoft Jet Database msjet40.dll File Parsing Overflow
[15110] Microsoft Outlook Connector for Lotus Domino Password Policy Bypass
[14882] Microsoft Office InfoPath Manifest.xsf Information Disclosure
[14801] Eudora 'Use Microsoft Viewer' Option IE Launch Arbitrary Code Execution
[14793] Microsoft IE window.showHelp() HTML Help File Arbitrary Command Execution
[14765] Windows NT FTP Server (WFTP) Pro Server MKD/XMKD Absolute Path DoS
[14764] Windows NT FTP Server (WFTP) Pro Server Unterminated Long Command DoS
[14763] Windows NT FTP Server (WFTP) Pro Server Multiple Command Local Overflow
[14762] Windows NT FTP Server (WFTP) STAT Command File Transfer Path Disclosure
[14761] Windows NT FTP Server (WFTP) REST Command Malformed File Write Handling Remote DoS
[14663] Microsoft AntiSpyware cscript/wscript Filter Bypass
[14617] Microsoft Exchange Server 2003 Folder Handling DoS
[14509] Microsoft Services for Unix Malformed RPC Client Fragment Packet DoS
[14502] Microsoft Data Access Components RDS Data Stub Remote Overflow
[14497] Microsoft Services for Unix RPC Library Malformed Packet Fragment DoS
[14478] Worldspan for Windows Gateway Res Manager Port 17990 Malformed Request DoS
[14446] Microsoft Virtual Machine Java Applet Invalid Handle DoS
[14445] Microsoft Virtual Machine XML Support Classes Inappropriate Methods
[14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
[14396] Microsoft ISA DNS Intrusion Detection Filter DoS
[14269] Windows NT FTP Server (WFTP) .lnk Traversal Arbitrary File Access
[14229] Microsoft IIS asp.dll Scripting.FileSystemObject Malformed Program DoS
[14150] Windows NT Inappropriate Registry Key Permissions
[14149] Windows NT Inappropriate Registry Key Value
[14068] Smarty Windows Installation File Permission Issue
[14025] Microsoft IE Script Initiated Popup Title Bar Spoofing
[13985] Microsoft IIS Malformed HTTP Request Log Entry Spoofing
[13945] Windows NT FTP Server (WFTP) Floppy Drive CD Request DoS
[13928] Microsoft ASP.NET HttpServerUtility.HtmlEncode Unicode Character Bypass
[13927] Microsoft ASP.NET Request Validation Mechanism Bypass
[13859] Windows NT FTP Server (WFTP) Pro Long CWD Command Remote Overflow
[13857] Windows NT Drivers DbgPrint Function Debug Message Format String
[13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
[13761] Microsoft Exchange 2000 Malformed URL Request DoS
[13760] Microsoft IIS Malformed URL Request DoS
[13759] Microsoft IIS ISAPI .ASP Parser Script Tag LANGUAGE Argument Overflow
[13634] Microsoft IIS Inetinfo.exe Malformed Long Mail File Name DoS
[13621] Microsoft Outlook Web Access (OWA) owalogon.asp Redirection Account Enumeration
[13608] Microsoft IE Drag-and-Drop Privilege Escalation
[13607] Microsoft IE CDF Cross-Domain Code Execution
[13606] Microsoft IE createControlRange() Function Heap Corruption
[13605] Microsoft IE URL Decoding Zone Spoofing Code Execution
[13604] Microsoft IE Drag-and-Drop File Injection
[13594] Microsoft Office XP URL Overflow
[13558] Microsoft IIS SSL Request Resource Exhaustion DoS
[13510] Microsoft Index Server AllowedPaths Registry Key Index Path Disclosure
[13507] Microsoft IIS showfile.asp FileSystemObject Arbitrary File Access
[13483] Microsoft Site Server AdSamples SITE.CSC Information Disclosure
[13482] Microsoft Network Monitor (Netmon) Protocol Parsing Remote Overflow
[13479] Microsoft IIS for Far East Parsed Page Source Disclosure
[13478] Microsoft MS01-014 / MS01-016 Patch Memory Leak DoS
[13473] Microsoft IIS on FAT Partition Local ASP Source Disclosure
[13472] Microsoft Services for Unix Telnet Service Memory Consumption DoS
[13471] Microsoft Services for Unix NFS Service Memory Consumption DoS
[13439] Microsoft IIS HTTP Request Malformed Content-Length Parsing Remote DoS
[13436] Microsoft Exchange LDAP Filter Exceptional BER Encoding DoS
[13433] Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
[13432] Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
[13431] Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
[13430] Microsoft IIS aexp4.htr Password Policy Bypass
[13429] Microsoft IIS aexp3.htr Password Policy Bypass
[13428] Microsoft IIS aexp2b.htr Password Policy Bypass
[13427] Microsoft IIS aexp2.htr Password Policy Bypass
[13426] Microsoft IIS NTLM Authentication Request Parsing Remote Information Disclosure
[13425] Microsoft .NET orderdetails.aspx OrderID Parameter Arbitrary Order Access
[13418] Microsoft Virtual Machine Applet Tag Malformed CODEBASE Arbitrary File Access
[13417] Microsoft Virtual Machine COM Object Arbitrary Code Execution
[13412] Microsoft Virtual Machine user.dir Property Information Disclosure
[13406] Microsoft BizTalk Server BizTalkHTTPReceive.dll ISAPI Overflow
[13385] Microsoft IIS WebDAV Long PROPFIND/SEARCH Request DoS
[13333] Mozilla Thunderbird Microsoft IE Default Javascript Handler
[13325] Microsoft Network Monitor (Netmon) HTTP Protocol Parser Overflow
[13258] Microsoft IE Excel File Address Bar Spoofing
[13238] Microsoft PowerPoint Action Settings Allows Invocation of Default Browser
[13133] Microsoft IE iframe Tag Malformed file Attribute DoS
[13132] Microsoft IE %20 URL Spoofing
[13040] Microsoft IE Javascript Load Local File Path Disclosure
[12937] Microsoft Office Encrypted Document RC4 Implementation Weakness
[12918] Microsoft IE Dynamic IFRAME Tag XP SP2 File Download Security Bypass
[12862] Microsoft IE USER32.CharLowerA Exception DoS
[12806] Microsoft DATA Access IPS DAV Component Remote Arbitrary Content Write
[12709] Microsoft HTML Parser Malformed Javascript DoS
[12698] Microsoft IE FTP Download Traversal Arbitrary Command Execution
[12660] Microsoft IE with RealOne pnxr3260.dll Embed Tag Arbitrary Code Execution
[12654] Windows NT getCanonicalPath Memory Corruption DoS
[12652] Microsoft Visual Basic for Applications (VBA) VBE.DLL and VBE6.DLL Long ID Overflow
[12612] NetCat for Windows -e Option Overflow
[12424] Microsoft IE DHTML Edit ActiveX Control execScript() XSS
[12408] Cisco Unity With Microsoft Exchange Multiple Default Accounts
[12375] Microsoft Word / Wordpad Font Converter Remote Overflow
[12373] Microsoft Word / Wordpad Tables Converter Remote Overflow
[12354] Symantec Windows LiveUpdate NetDetect Local Privilege Escalation
[12342] Microsoft IE BASE/FORM Address Bar Spoofing
[12313] Microsoft IE Cross-domain Browser Window Injection Content Spoofing
[12300] Microsoft SharePoint Portal Server STSADM.log-* Log Local User Credential Disclosure
[12299] Microsoft IE FTP URL Arbitrary Command Injection
[12277] Microsoft IE sysimage: Local File Existence Disclosure
[12258] Microsoft W3Who ISAPI (w3who.dll) Query String Remote Overflow
[12257] Microsoft W3Who ISAPI (w3who.dll) Error Message XSS
[12256] Microsoft W3Who ISAPI (w3who.dll) HTTP Connection Header XSS
[12206] Apple Safari Spoof Pop-Up Windows
[12163] Microsoft IE Save Picture As File Extension Spoofing
[12157] Windows Application GUI Masked Password Disclosure
[11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
[11957] Microsoft Outlook Express Troubleshooting Feature SMTP Auth Credential Disclosure
[11956] Microsoft Outlook/Express Message body NUL Character DoS
[11955] Microsoft IE/Outlook URL FORM Status Bar Spoofing
[11954] Microsoft Outlook Express .dbx Deleted E-mail Persistence
[11953] Microsoft Outlook Express A HREF Link Overflow DoS
[11952] Microsoft Outlook Express S/MIME CA Certificate Spoofing
[11951] Microsoft IE/Outlook XML File Attachment Arbitrary Script Execution
[11950] Microsoft Outlook Express MIME Header Manipulation File Extension Spoofing Weakness
[11949] Microsoft IE/Outlook BGSOUND Tag Information Disclosure
[11948] Microsoft IE/Outlook Express IFRAME Tag Parsing Remote DoS
[11947] Microsoft IE/Outlook BGSOUND Tag Parsing Remote DoS
[11946] Microsoft IE/Outlook Malformed XBM File DoS
[11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
[11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
[11943] Microsoft Outlook Image Tag Cookie Setting Bypass
[11942] Microsoft Outlook Express Email Forward Blocked Attachment Access
[11941] Microsoft Outlook Express HTML Frame base64 Attachment Security Bypass
[11940] Microsoft Outlook Blocked Attachment Access
[11939] Microsoft Outlook Attachment Spoofed Content Type
[11938] Microsoft Outlook Express Attachment Filename Overflow
[11937] Microsoft Outlook 98 Hidden Drive Access
[11935] Microsoft Multiple Mail Client Read/Delivery Receipt Tag DoS
[11918] Microsoft IE execCommand() File Extension Spoofing
[11914] Microsoft Virtual Machine JDBC API Remote Security Check Bypass
[11912] Microsoft Virtual Machine JDBC Java Applet Arbitrary DLL Load
[11878] Microsoft IE Crafted Path Arbitrary Cookie Overwrite
[11742] Microsoft IE Multiple Slash Disabled Protocol/Resource Restriction Bypass
[11712] Microsoft ISA Server 2000 H.323 Filter Overflow
[11580] Microsoft IE res: URI Handler File Existence Disclosure
[11492] Solaris OpenWindows sdtcm_convert Overflow
[11455] Microsoft IIS / PWS DOS Filename Request Access Bypass
[11452] Microsoft IIS Double Byte Code Arbitrary Source Disclosure
[11424] Microsoft Outlook V1 Exchange Server Security Certificate Cleartext Transmission
[11423] Microsoft Outlook Malformed Header DoS
[11422] Microsoft Outlook Express S/MIME Parsing Routine Remote Overflow
[11420] Microsoft Outlook WMP .wms File IFRAME Command Execution
[11419] Microsoft Outlook Express Header Carriage Return Filter Bypass
[11418] Microsoft Outlook Express text/plain MIME Content Embedded SCRIPT Tag Command Execution
[11417] Microsoft Outlook/Express VCard Handler Remote Overflow
[11416] Microsoft Outlook/Express Blank Header DoS
[11415] Microsoft Outlook Express Forced POP3 Command Mode DoS
[11409] Windows NT RRAS/RAS Client Persistent Password Caching
[11395] F-Secure Anti-Virus for Microsoft Exchange Nested Password Protected Archives Bypass
[11337] Microsoft IE FRAME/IFRAME/EMBED Tag Overflow
[11277] Microsoft IIS SSL ISAPI Filter Cleartext Information Disclosure
[11274] Microsoft IE "
[11268] Microsoft Exchange Internet Mail Service AUTH/AUTHINFO Command DoS
[11257] Microsoft IIS Malformed GET Request DoS
[11222] Microsoft XP SP2 Authenticated User Remote Shutdown
[11170] Microsoft IE iframe Malformed base href DoS
[11157] Microsoft IIS FTP Service PASV Connection Saturation DoS
[11152] Microsoft IE Malformed HTML Style DoS
[11138] Microsoft IE HTML Rendering mshtml.dll NULL Pointer Dereference DoS
[11101] Microsoft IIS Multiple Slash ASP Page Request DoS
[11097] Windows NT SP2 Passfilt.dll Password Complexity Weakness
[11088] Multiple VAX DECwindows Motif Server Local Privilege Escalation
[11068] Windows NT Win32k.sys Incorrect Parameter Local DoS
[11067] Windows NT NonPagedPool Lock Saturation DoS
[11063] Microsoft Site Server Direct Mailer TMLBQueue Share Information Disclosure
[11051] Microsoft Outlook cid: MIME Mishandling Forced Image Rendering
[11018] Microsoft SNA Server AS/400 Local APPC LU Shared Folder Disclosure
[11017] OpenVMS DECwindows/MOTIF User Account Lockout Weakness
[11010] Windows 2003 Multiple DACL Insecure Permissions
[10998] Microsoft Access Snapshot Viewer ActiveX Control Arbitrary Command Execution
[10996] Microsoft File Transfer Manager ActiveX Control Arbitrary Command Execution
[10995] Microsoft File Transfer Manager ActiveX Control Arbitrary File Upload/Download
[10994] Microsoft DirectX Files Viewer ActiveX Control xweb.ocx Overflow
[10992] Microsoft IE Embedded HTML Help Control Cross Zone Scripting
[10991] Microsoft IE HTML Help Drag and Drop Arbitrary Code Injection
[10977] Microsoft Eyedog ActiveX Server Side Redirect Arbitrary Command Execution
[10969] HP Tru64 X Windows Unspecified Local Overflow
[10968] HP Tru64 UNIX X Windows Unspecified File Permission Weakness
[10967] Microsoft IE Javascript User Homepage Address Spoofing
[10935] Microsoft Word Macro Security Model Bypass
[10895] Microsoft FrontPage asycpict.dll JPEG Processing DoS
[10756] Microsoft MSN heartbeat.ocx Component Overflow
[10736] Microsoft Excel SYLK Macro Arbitrary Command Execution
[10735] Microsoft Excel Virus Warning Mechanism Bypass
[10734] Microsoft Word/Excel Shared Document INCLUDEPICTURE Field Arbitrary File Read
[10733] Microsoft Word/Excel Shared Document INCLUDETEXT Field Arbitrary File Read
[10714] Microsoft cabarc Traversal Arbitrary File Overwrite
[10709] Microsoft IE SSL Cached Content Spoofing
[10708] Microsoft IE Image Tag Arbitrary Script Execution (HijackClick 3)
[10707] Microsoft IE Plug-in Navigation Address Bar Spoofing
[10706] Microsoft IE Double Byte Character Set Address Bar Spoofing
[10705] Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution
[10704] Microsoft IE Similar Method Name Redirection Cross Domain/Site Scripting
[10694] Microsoft Excel XLS File Local Overflow (MS04-033)
[10670] Microsoft ASP.NET Forms .aspx File Authentication Bypass
[10561] Apple QuickTime Player for Windows URL Handling Overflow
[10557] Microsoft ASP.NET Canonicalization Authentication Bypass
[10550] Microsoft IE Redirect Script Arbitrary XML Document Access
[10549] Microsoft Word .doc Parsing Exception Arbitrary Command Execution
[10379] Microsoft SQL Server Large Query DoS
[10358] Microsoft Outlook Client Persistent X-UIDL Header DoS
[10246] Microsoft Exchange Server Malformed NNTP AUTHINFO DoS
[10183] Microsoft SQL Server xp_sprintf Function DoS
[10181] Microsoft SQL Server formatmessage Function DoS
[10166] Microsoft SQL Server raiserror Function DoS
[10159] Microsoft SQL Server Multiple Extended Stored Procedure Overflows
[10158] Microsoft SQL Server Password Encryption Procedure Overflow
[10157] Microsoft SQL Server BULK INSERT Query Overflow
[10156] Microsoft SQL Server SQLExecutiveCmdExec Account Credential Encryption Weakness
[10155] Microsoft SQL Server Enterprise Manager Authentication Credential Encryption Weakness
[10154] Microsoft SQL Server xp_SetSQLSecurity Function Overflow
[10153] Microsoft SQL Server xp_proxiedmetadata Function Overflow
[10152] Microsoft SQL Server xp_printstatements Function Overflow
[10151] Microsoft SQL Server xp_peekqueue Function Remote Overflow
[10150] Microsoft SQL Server xp_updatecolvbm Function Overflow
[10149] Microsoft SQL Server xp_showcolv Function Remote Overflow
[10148] Microsoft SQL Server xp_enumresultset Function Overflow
[10147] Microsoft SQL Server xp_displayparamstmt Function Overflow
[10146] Microsoft SQL Server xp_sprintf Function Overflow
[10145] Microsoft SQL Server formatmessage Function Overflow
[10144] Microsoft SQL Server raiserror Function Overflow
[10143] Microsoft SQL Server OpenRowset OLE DB Provider Name Overflow
[10142] Microsoft SQL Server OpenDataSource OLE DB Provider Name Overflow
[10141] Microsoft SQL Server sestup.iss File Authentication Credential Disclosure
[10140] Microsoft SQL Server Stored Procedure Arbitrary Command Execution
[10139] Microsoft SQL Server Agent Arbitrary File Creation
[10138] Microsoft SQL Server xp_displayparamstmt Procedure Privilege Escalation
[10137] Microsoft SQL Server xp_printstatements Procedure Privilege Escalation
[10136] Microsoft SQL Server xp_execresultset Procedure Privilege Escalation
[10135] Microsoft SQL Server Malformed 0x08 Packet DoS
[10133] Microsoft SQL Server sp_MScopyscript Procedure scriptfile Parameter Arbitrary Code Execution
[10132] Microsoft SQL Server Authentication Function Remote Overflow
[10131] Microsoft SQL Server DBCC SourceDB Argument Arbitrary Command Execution
[10129] Microsoft Data Access Components SQL-DMO Broadcast Request Overflow
[10127] Microsoft SQL Server xp_runwebtask Procedure Privilege Escalation
[10126] Microsoft SQL Server CreateFile API Function Privilege Escalation
[10125] Microsoft SQL Server Named Pipe Hijack Privilege Escalation
[10123] Microsoft SQL Server LPC Packet Handling Local Overflow
[10104] Microsoft BizTalk Server DTA RawCustomSearchField.asp SQL Injection
[10103] Microsoft BizTalk Server DTA rawdocdata.asp SQL Injection
[10050] IBM OEM Windows XP Home Default Hidden Administrator Account
[10006] Microsoft WordPerfect Converter Corel File Multiple Parameter Remote Overflow
[9951] Microsoft Multiple Products GDIPlus.dll JPEG Processing Overflow
[9896] Microsoft Netmeeting Remote Desktop Sharing Remote Session Hijack
[9895] Microsoft NetMeeting Arbitrary Clipboard Content Disclosure
[9818] F-Secure Anti-Virus For Microsoft Exchange Content Scanner Server Exception Handling DoS
[9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
[9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
[9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
[9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
[9671] Microsoft IE onUnload Address Bar Spoofing
[9591] Windows Kernel Error Message Debugging Local Overflow
[9560] HP Systems Insight Manager Microsoft Security Patch Login DoS
[9543] Jetty CGI+windows Unspecified Security Issue
[9315] Microsoft IIS getdrvs.exe ODBC Sample Information Disclosure
[9314] Microsoft IIS mkilog.exe ODBC Sample Arbitrary Command Execution
[9207] Microsoft Content Management ManualLogin.asp REASONTXT Parameter XSS
[9200] Microsoft IIS Unspecified XSS Variant
[9199] Microsoft IIS shtml.dll XSS
[9189] Microsoft ASP.Net Null Character XSS Protection Bypass
[9172] Microsoft IE File/Directory Existence Disclosure
[9167] Microsoft Outlook Express BCC: Recipient Information Disclosure
[9070] Microsoft IE dragDrop Arbitrary File Upload (What a Drag II)
[8978] Microsoft IE Address Bar Spoofing (NullyFake)
[8941] Microsoft IE Merlin.speak Function CPU DoS
[8428] Microsoft NetMeeting Malformed Packets DoS
[8414] Microsoft IE mms: Protocol Handler Arbitrary Command
[8372] thttpd for Windows Encoded Traversal Arbitrary File Access
[8335] Microsoft IE mshtml.dll Null Pointer DoS
[8309] Mozilla Browsers For Windows XPInstall Security Dialog Arbitrary Extension Installation
[8277] Microsoft IE Malformed GIF Double-free DoS
[8276] Microsoft IE Malformed BMP Overflow
[8275] Microsoft IE Navigation Cross Domain Execution (InsiderPrototype)
[8243] Microsoft SMS Port 2702 DoS
[8224] Microsoft IE CSS Memory Corruption DoS
[8211] Microsoft Exchange Server Malformed SMTP Command DoS
[8210] Microsoft HTML Control Large Form Field DoS
[8148] Microsoft IE Arbitrary File Write (What a Drag)
[8129] Microsoft IE CSS Malformed div element DoS
[8098] Microsoft IIS Virtual Directory ASP Source Disclosure
[8053] Microsoft Virtual Machine Illegal Cast Operation Command Execution
[8052] Microsoft ActiveX Control Arbitrary Cabinet File Execution
[7963] Microsoft IE parent.window.open location.cache Script Execution
[7951] Microsoft SMS Remote Control Client DoS
[7916] Microsoft IE Multimedia Page XSS (viaSWFurl)
[7915] Microsoft IE ADODB.Stream Media Arbitrary File Execution
[7914] Microsoft IE .FOLDER File Type Execution
[7913] Microsoft IE Shell.Application ActiveX Arbitrary Command Execution
[7912] Microsoft IE showHelp() Arbitrary File Execution
[7910] Microsoft IE Double Slash Cache File Execution (DblSlashForCache)
[7909] Microsoft IE Cache Location Information Disclosure (execdror6)
[7907] Microsoft IE FileSystemObject ActiveX Object Arbitrary Command Execution
[7906] Microsoft IE WebBrowser ActiveX Object Clipboard Content Disclosure
[7905] Microsoft IE ie5setup.exe Multiple Service Disable
[7903] Microsoft IE external.NavigateAndFind Arbitrary File Access
[7902] Microsoft IE / Outlook Express Active Scripting Arbitrary E-mail Message Access
[7901] Microsoft IE Active Setup ActiveX Component Arbitrary Software Installation
[7900] Microsoft IE WebBrowser Control NavigateComplete2 Policy Bypass
[7899] Microsoft IE with ActivePython ActiveX Control Arbitrary File Read
[7898] Microsoft IE with Google Toolbar Malicious HTML DoS
[7897] Microsoft IE Crafted Filename Arbitrary Visual FoxPro Application Execution
[7896] Microsoft IE Java Implementation Malformed Domain Portion Arbitrary Script Execution
[7895] Microsoft IE MS-DOS Device Name URL DoS
[7894] Microsoft IE Object Tag Type Property Double-byte Overflow
[7893] Microsoft IE window.open file: Security Bypass (WsOpenFileJPU)
[7892] Microsoft IE href Javascript Arbitrary Command Execution (BodyRefreshLoadsJPU)
[7890] Microsoft IE Download Function Cache Disclosure (threadid10008)
[7889] Microsoft IE createTextRange Security Bypass (LinKiller)
[7888] Microsoft IE createRange FIND Dialog Security Bypass (Findeath)
[7887] Microsoft IE XML Data Binding Object Tag Arbitrary Command Execution
[7886] Microsoft Java Virtual Machine StandardSecurityManager Restriction Bypass
[7885] Microsoft Java Implementation Applet Tag DoS
[7884] Microsoft Java Virtual Machine Passed HTML Object DoS
[7883] Microsoft Java Implementation CabCracker Class Security Bypass
[7882] Microsoft Java Applet Codebase Tag Arbitrary File Read
[7881] Microsoft Java Implementation INativeServices Clipboard Content Disclosure
[7880] Microsoft Java INativeServices Arbitrary Memory Information Disclosure
[7879] Microsoft Java getAbsolutePath Current Directory Disclosure
[7878] Microsoft Java Virtual Machine ClassLoader.loadClass Overflow
[7877] Microsoft Java Virtual Machine Class.forName Overflow
[7876] Microsoft IE .isp File Arbitrary Command Execution
[7874] Microsoft IE Cross-domain Sub-frame Navigation Content Spoofing
[7872] Microsoft IE ActiveX Object Code Arbitrary Command Execution (Qhosts)
[7866] Microsoft IE Frame Spoofing Content Injection
[7864] Microsoft IE URL History FTP Credential Disclosure
[7863] Microsoft IE OBJECT Tag Long CLASSID DoS
[7862] Microsoft IE User DAT File History Disclosure
[7861] Microsoft IE Standard Cache Control Authentication Credential Leak
[7860] Microsoft IE Java JSObject Cross Frame Security Policy Bypass
[7859] Microsoft IE Frame Domain Verification Arbitrary File Access
[7858] Microsoft IE CLSID Alteration Arbitrary Command Execution
[7857] Microsoft IE Script Tag SRC Value Arbitrary File Access
[7856] Microsoft IE Q312461 Patch HTTP_USER_AGENT Information Disclosure
[7854] Microsoft IE Chinese Character Scrolling DoS
[7853] Microsoft IE window.createPopup Chromeless Window Spoofing
[7852] Microsoft IE showModelessDialog Infinite Loop DoS
[7851] Microsoft IE Multiple Form Field DoS
[7850] Microsoft IE Malformed Content Header Arbitrary Command Execution
[7849] Microsoft IE Javascript location.replace Recursive DoS
[7848] Microsoft IE userData storeuserData Cookie Privacy Setting Bypass
[7847] Microsoft IE JVM System.out.println Logging Arbitrary Command Execution
[7846] Microsoft IE PNG Invalid Length Code DoS
[7845] Microsoft IE Encoded URL Information Disclosure
[7844] Microsoft IE Object Tag Temporary File Information Disclosure
[7843] Microsoft IE URLMON.DLL Multiple Overflows
[7842] Microsoft IE File Upload Control Arbitrary File Access
[7841] Microsoft IE Scriptlet Component Arbitrary File Access
[7840] Microsoft IE Javascript Applet Data Redirect Arbitrary File Access
[7839] Microsoft IE Malformed Favorite Icon Arbitrary Command Execution
[7838] Microsoft IE File Upload Control Paste Arbitrary File Read
[7837] Microsoft IE Cross Frame Security Arbitrary File Access
[7836] Microsoft IE EMBED Tag Overflow
[7835] Microsoft IE IFRAME Document.ExecCommand Restriction Bypass Arbitrary File Access
[7834] Microsoft IE Preloader Legacy ActiveX Arbitrary File Access
[7833] Microsoft IE/OE res: Protocol Library Overflow
[7832] Microsoft IE Client Window Reference Server Side Arbitrary File Access
[7831] Microsoft IE Virtual Machine Java Applet Sandbox Bypass
[7830] Microsoft IE mk: URL Handling Remote Overflow
[7829] Microsoft IE JScript Engine Window.External Function Arbitrary Command Execution
[7828] Microsoft IE Dotless IP Address Zone Privilege Escalation
[7827] Microsoft IE Cross Security Domain Arbitrary File Access
[7826] Microsoft IE SSL Certificate Validation Failure (v2)
[7825] Microsoft IE Domain Frame Arbitrary File Access
[7824] Microsoft IE Virtual Machine Unsigned Applet Arbitrary Command Execution
[7823] Microsoft IE Cached Content .chm Arbitrary Program Execution
[7822] Microsoft IE HTML Form Input Element Arbitrary File Access
[7821] Microsoft IE Print Templates Feature Arbitrary ActiveX Execution
[7820] Microsoft IE Scriptlet Invoking ActiveX Arbitrary File Access
[7819] Microsoft IE Small IFRAME DHTML Arbitrary File Access
[7818] Microsoft IE Page Redirect Authentication Credential Leak
[7817] Microsoft IE Frame Domain Validation Arbitrary File Access
[7816] Microsoft IE SFU Telnet Client Arbitrary Command Execution
[7807] Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
[7806] Microsoft IE HTML E-mail Feature Unusual MIME Type Command Execution
[7802] Microsoft IE File Download Extension Spoofing
[7801] Microsoft IE Javascript window.open Null-Pointer DoS
[7793] Microsoft Outlook Express Header Validation DoS
[7779] Microsoft IE AnchorClick Cross Zone Scripting
[7778] Microsoft Outlook Window Opener Script Execution
[7776] Microsoft IE Download Window Filename Filetype Spoofing
[7775] Microsoft IE Channel Link Script Injection
[7774] Microsoft IE Popup.show() Click Hijack (HijackClick 3)
[7769] Microsoft Outlook With Word Editor Object Tag Code Execution
[7762] Microsoft Java Virtual Machine Cross-Site Communication
[7746] Windows NT FTP Server (WFTP) CD Command Arbitrary File Access
[7739] Microsoft IE plugin.ocx Load() Method Overflow
[7737] Microsoft IIS ASP Redirection Function XSS
[7608] Microsoft Index Server Internet Data Query Path Disclosure
[7607] Microsoft IE CSS Unterminated Comment Handling Memory Corruption
[7595] Mozilla Browsers for Windows shell: URI Arbitrary Command Execution
[7405] Microsoft Phone Dialer (dialer.exe) Dialer Entry Overflow
[7296] Microsoft IE Cross-domain Frame Injection Content Spoofing
[7293] Microsoft Plus! Compressed Folder Password Disclosure
[7265] Microsoft IIS .ASP Session ID Disclosure and Hijacking
[7202] Microsoft PowerPoint 2000 File Loader Overflow
[7187] Microsoft MN-500 Web Administration Multiple Connections DoS
[7168] Microsoft Data Access Component Internet Publishing Provider WebDAV Security Zone Bypass
[7096] Microsoft Outlook Express Mac OS Auto HTML Download
[7055] Microsoft Outlook Express for Mac OS E-mail Long Line DoS
[6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
[6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
[6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
[6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
[6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
[6965] Microsoft ISA Server 2000 SSL Packet DoS
[6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
[6963] Microsoft IE showModalDialog Method Arbitrary Code Execution
[6931] Microsoft IE/Outlook Double Null Character DoS
[6749] Microsoft Crystal Reports Web Viewer crystalimagehandler.aspx Arbitrary File Access
[6742] Microsoft DirectPlay Packet Validation DoS
[6674] Microsoft Office 98 for Macintosh Disk Space Information Disclosure
[6672] Microsoft SharePoint with MSIE settings.htm Authentication Bypass
[6538] Microsoft IE/Outlook ImageMap URL Spoofing
[6272] Microsoft IE MIME Content-Type Header Processing Weakness Cross-content XSS
[6257] Symantec Norton Anti-Virus CE Windows XP Floppy Scan Bypass
[6217] Microsoft Outlook RTF Embedded Object Security Bypass
[6121] Microsoft Outlook Express BASE HREF Web Content Loading
[6080] Microsoft IE MSHTML.DLL Cross-Frame Script Execution
[6079] Microsoft Outlook Remote XML Loading
[6031] Microsoft Exchange Multiple SMTP Command DoS
[6007] Microsoft IE/Outlook IMG/HREF Tag Code Execution
[5998] Microsoft Outlook Predictable File Caching
[5993] Microsoft Active Server Pages (ASP) Engine Malformed Cookie Handling Remote Information Disclosure
[5965] Microsoft IE MSHTML.DLL IMG SRC Tag Information Disclosure
[5936] Microsoft SMTP Service 4xx Error Code DoS
[5887] Microsoft Access 97 Cleartext Password Storage
[5884] Microsoft Site Server ASP Upload Remote Command Execution
[5869] Microsoft IE MSHTML.DLL Javascript %01 URL Arbitrary File Access
[5856] X Windows (X11) Magic Cookie Prediction Command Execution
[5855] Microsoft Exchange MTA HELO Command Remote Overflow
[5851] Microsoft IIS Single Dot Source Code Disclosure
[5833] Windows NT FTP Server (WFTP) Unprintable Character Overflow
[5829] Windows NT FTP Server (WFTP) Error Message Server Path Disclosure
[5736] Microsoft IIS Relative Path System Privilege Escalation
[5694] Microsoft IE Address Bar URL Spoofing
[5693] Microsoft MS00-060 Patch IIS Malformed Request DoS
[5633] Microsoft IIS Invalid WebDAV Request DoS
[5608] Microsoft NetMeeting Malformed String DoS
[5606] Microsoft IIS WebDAV PROPFIND Request DoS
[5600] Oracle Database on Windows NT Net8 Listener Thread Exhaustion Remote DoS
[5584] Microsoft IIS URL Redirection Malformed Length DoS
[5581] Trend Micro ScanMail for Microsoft Exchange Administrative Credential Disclosure
[5566] Microsoft IIS Form_VBScript.asp XSS
[5563] Microsoft IE Telnet Client SFU Arbitrary Command Execution
[5557] Microsoft Outlook Web Access With IE Embedded Script Execution
[5556] Microsoft IE Dotless IP Intranet Zone Spoofing
[5419] Microsoft IE mshtml.dll EMBED Directive Overflow
[5390] Microsoft Exchange NTLM Null Session Mail Relay
[5357] Microsoft Multiple Products for Mac File URL Overflow
[5356] Microsoft IE for Mac Local AppleScript Invocation
[5355] Microsoft MSN Chat ActiveX ResDLL Parameter Overflow
[5347] Microsoft SQL Server SQLXML ISAPI Extension Remote Overflow
[5343] Microsoft SQL Server SQLXML root Parameter XSS
[5342] Microsoft IE Malformed Web Page Zone Spoofing
[5316] Microsoft IIS ISAPI HTR Chunked Encoding Overflow
[5242] Microsoft IE/Outlook MHTML .chm ITS Protocol Handler Code Execution
[5241] Microsoft Jet Database Engine Remote Code Execution
[5175] Microsoft Excel Hyperlinked Workbook Arbitrary Code Execution
[5174] Microsoft Excel Inline Macro Arbitrary Code Execution
[5173] Microsoft Excel Embedded XSL Stylesheet Arbitrary Code Execution
[5172] Microsoft Commerce Server OWC Installer LocalSystem Arbitrary Code Execution
[5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
[5170] Microsoft Commerce Server OWC Installer Arbitrary Command Execution
[5163] Microsoft Commerce Server AuthFilter ISAPI Filter Overflow
[5162] Microsoft IE Legacy Data-island Capability Read Arbitrary XML File
[5152] Microsoft Legacy Text Formatting ActiveX Control Overflow
[5134] Microsoft IE Reference Local HTML Resource Script Execution
[5133] Microsoft Metadirectory Services LDAP Client Authentication Bypass
[5129] Microsoft IE Download File Origin Spoofing
[5126] Microsoft BackOffice Authentication Bypass
[5124] Microsoft TSAC ActiveX Long Server Name Overflow
[5064] Microsoft SQL Server Jet Engine OpenDataSource Function Overflow
[4968] Microsoft SharePoint Portal Server Multiple Unspecified XSS
[4951] Microsoft IE CLASSID Remote DoS
[4932] Microsoft Outlook Web Access SecurID Authentication Bypass
[4915] Microsoft Content Management Server (MCMS) Web Authoring Command File Upload Arbitrary Code Execution
[4914] Microsoft Content Management Server (MCMS) Resource Request SQL Injection
[4864] Microsoft IIS TRACK Logging Failure
[4863] Microsoft IIS Active Server Page Header DoS
[4862] Microsoft Content Management Server (MCMS) Unspecified Authentication Function Overflow
[4791] Microsoft IIS Response Object DoS
[4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
[4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
[4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
[4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
[4734] InoculateIT Microsoft Exchange Inbox Folder Tree Moved Message Scanning Bypass
[4655] Microsoft IIS ssinc.dll Long Filename Overflow
[4627] Microsoft IE Text Control Overflow
[4626] Microsoft DirectX Files Viewer xweb.ocx Overflow
[4578] Microsoft SQL Resolution Service Monitor Thread Registry Key Name Overflow
[4577] Microsoft SQL Resolution Service 0x08 Byte Long String Overflow
[4535] Microsoft Media Services ISAPI nsiislog.dll POST Overflow
[4513] Microsoft Visual C++ Constructed ISAPI Extensions
[4337] Windows NT FTP Server (WFTP) Pro Server Administrative GUI DoS
[4186] Microsoft IE Cookie Path Traversal
[4168] Microsoft Outlook 2002 mailto URI Script Injection
[4116] Windows NT FTP Server (WFTP) Xerox Docutech DoS
[4115] Windows NT FTP Server (WFTP) Server CPU Utilization DoS
[4114] Windows NT FTP Server (WFTP) Server STAT/LIST Command DoS
[4078] Microsoft IE Cross Frame Scripting Restriction Bypass
[4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
[3968] Microsoft FrontPage Personal Web Server Arbitrary File Access
[3893] Microsoft Virtual PC for Mac Insecure Temporary Files Creation
[3879] Microsoft IE File Identification Variant
[3791] Microsoft IE Travel Log Arbitrary Script Execution
[3738] Microsoft IE Content-disposition Header File Download Extension Spoofing
[3512] Microsoft IIS ODBC Tool getdrvrs.exe Remote DSN Creation
[3501] Microsoft FrontPage form_results Information Disclosure
[3500] Microsoft IIS fpcount.exe Remote Overflow
[3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
[3457] Microsoft MDAC Broadcast Reply Overflow
[3446] HD Soft Windows Ftp Server wscanf Function Format String
[3386] Microsoft FrontPage Server Extensions htimage.exe File Existence Enumeration
[3385] Microsoft FrontPage Server Extensions htimage.exe Remote Path Disclosure
[3384] Microsoft FrontPage htimage.exe Overflow
[3383] Microsoft FrontPage Server Extensions imagemap.exe File Verification
[3382] Microsoft FrontPage Server Extensions imagemap.exe Remote Path Disclosure
[3381] Microsoft FrontPage imagemap.exe Overflow
[3341] Microsoft IIS Redirect Response XSS
[3339] Microsoft IIS HTTP Error Page XSS
[3338] Microsoft IIS Help File XSS
[3328] Microsoft IIS FTP Status Request DoS
[3326] Microsoft IIS w3svc.dll ISAPI Filter URL Handling Remote DoS
[3325] Microsoft IIS HTR ISAPI Overflow
[3323] Microsoft IIS ISAPI .printer Extension Host Header Overflow
[3320] Microsoft IIS ASP Server-Side Include Buffer Overflow
[3316] Microsoft IIS HTTP Header Field Delimiter Overflow
[3313] Microsoft Word Form Protection Bypass
[3307] Microsoft IE showHelp() Zone Restriction Bypass
[3301] Microsoft IIS ASP Chunked Encoding Variant Heap Overflow
[3300] Microsoft FrontPage shtml MS-DOS Device Name DoS
[3284] Microsoft IIS Winmsdp.exe Arbitrary File Retrieval
[3257] Jordan Windows Telnet Server Overflow
[3231] Microsoft IIS Log Bypass
[3225] Microsoft IE for Mac Information Disclosure
[3195] Microsoft Exchange OWA REFERER Header XSS
[3144] Microsoft IE MHTML Redirection Local File Parsing (MhtRedirParsesLocalFile)
[3143] Microsoft IE MHTML Arbitrary File Execution (MhtRedirLaunchInetExe)
[3142] Microsoft IE Subframe XSS (BackToFramedJpu)
[3108] Microsoft Office 98 Macintosh Information Disclosure
[3104] Microsoft IE PPC Overwrite Arbitrary Files
[3099] Microsoft IE _search Window Execute Code (WsBASEjpu)
[3098] Microsoft IE history.back NAF Function Execute Script (NAFjpuInHistory)
[3097] Microsoft IE window.open Function Execute Code (WsFakeSrc)
[3096] Microsoft IE NavigateAndFind Function Execute Code (NAFfileJPU)
[3095] Microsoft IE history.back Function Information Disclosure (RefBack)
[3094] Microsoft IE window.moveBy Cursor Hijack (HijackClick)
[3068] Microsoft IE MSHTML/EditFlag Auto Open DoS
[3066] Microsoft IE Custom HTTP Errors Script Injection
[3065] Microsoft IE Unparsable XML File XSS
[3056] Microsoft IE MSN/Alexa Information Leak
[3055] Microsoft IE Spoofed URL
[3054] Microsoft IE %USERPROFILE% Folder Disclosure
[3053] Microsoft IE MHTML File Handler Arbitrary Script Injection
[3052] Microsoft IE/Outlook CODEBASE PopUp Object Remote Execution
[3051] Microsoft IE MHT Web Archive Overflow
[3050] Microsoft IE dragDrop Method Local File Reading
[3049] Microsoft IE ftp.htt FTP Web View URL XSS
[3036] Microsoft IE dynsrc File Information Leak
[3035] Microsoft WebBrowser Control t:video File Execution
[3034] Microsoft IE JavaScript script src Local File Enumeration
[3033] Microsoft IE Content Type/Disposition File Execution
[3032] Microsoft IE XMLHTTP Control Arbitrary Remote File Access
[3031] Microsoft IE document.Open Same Origin Policy Violation
[3030] Microsoft IE GetObject() Function Traveral Arbitrary File Access
[3029] Microsoft IE Cookie Execute Script in Local Computer Zone
[3028] Microsoft IE Content-disposition Header Auto Download/Execute
[3011] Microsoft IE OWC ConnectionFile File Existence Verification
[3010] Microsoft IE OWC XMLURL File Existence Verification
[3009] Microsoft IE OWC Load File Existence Verification
[3008] Microsoft IE OWC Cut/Paste Data Read and Injection
[3007] Microsoft IE OWC LoadText Read Arbitrary File
[3006] Microsoft IE OWC Script Execution
[3005] Microsoft IE WebBrowser Control dialogArguments XSS
[3004] Microsoft IE Gopher Client Overflow
[3003] Microsoft IE/Outlook OBJECT Cross Domain Scripting
[3002] Microsoft IE File Extension Dot Parsing
[3001] Microsoft IE XP HCP URI Handler File Deletion
[2999] Microsoft IE Powerpoint Mouse-Over Execute
[2998] Microsoft IE Frame Javascript URL Cross-Domain Script Execution
[2997] Microsoft IE oIFrameElement.Document IFRAME Bypass
[2996] Microsoft IE Object Zone Redirection
[2995] Microsoft IE (VictimWindow).document.write Cross Domain Scripting (SaveRef)
[2994] Microsoft IE (NewWindow).location.assign Save Reference
[2993] Microsoft IE % URL Encoding XSS
[2992] Microsoft IE HTML Help ActiveX Control alink and showHelp Overflow
[2991] Microsoft WinHlp Active-X Item Parameter Overflow
[2990] Microsoft IE IFRAME dialogArguments Object Bypass (BadParent)
[2986] Microsoft IE clipboardData Object Caching Cross-domain Policy Bypass
[2985] Microsoft IE execCommand Object Caching
[2984] Microsoft IE getElementsByTagName Object Caching
[2983] Microsoft IE getElementsByName Object Caching
[2982] Microsoft IE getElementById Object Caching
[2981] Microsoft IE elementFromPoint Object Caching
[2980] Microsoft IE createRange Object Caching
[2979] Microsoft IE external Object Caching
[2978] Microsoft IE showModalDialog Object Caching
[2977] Microsoft IE XML Datasource Read Local Files
[2976] Microsoft IE CTRL Key onkeydown Remote File Theft
[2975] Microsoft IE Back Button XSS
[2974] Microsoft IE/Outlook Temporary Internet File Execution
[2973] Microsoft IE Third Party Plugin Rendering XSS
[2972] Microsoft IE showModalDialog Script Execution
[2971] Microsoft WMP File Attachment Script Execution
[2970] Microsoft IE cssText Arbitrary File Access
[2969] Microsoft VM Bytecode Verifier Execute Arbitrary Code
[2968] Microsoft IE File Download Dialog Overflow
[2967] Microsoft IE Object Type Property Overflow
[2966] Microsoft IE BR549.DLL Overflow
[2965] Microsoft IE Cache Script Execution in My Zone
[2963] Microsoft IE align HTML Converter Overflow
[2952] Microsoft FrontPage Server Extensions (fp30reg.dll) Debug Function Chunked Encoded Request Remote Overflow
[2917] Microsoft Access Known Database Attack
[2801] Microsoft Word and Excel Execution of Arbitrary Code
[2800] Microsoft FrontPage Server Extensions SmartHTML DoS
[2784] Microsoft IE Component Function Information Disclosure
[2783] Microsoft IE XML Objection Information Disclosure (IredirNrefresh)
[2751] Microsoft Word Macro Name Handling Overflow
[2745] Microsoft HTML Help Control Privilege Escalation
[2707] Microsoft IE Drag and Drop Arbitrary File Installation
[2679] Microsoft Outlook Web Access XSS
[2674] Microsoft Exchange SMTP Extended Request Overflow
[2592] Microsoft PowerPoint Modify Protection Bypass
[2572] Microsoft BizTalk Server Insecure Permissions
[2544] Microsoft ASP.NET Request Validation Bypass
[2510] Microsoft Access Snapshot Viewer Buffer Overflow
[2508] Microsoft Visual Basic for Applications Buffer Overflow
[2506] Microsoft Word/Works Automated Macro Execution
[2453] Microsoft IE My Computer Zone Caching Issue
[2451] Microsoft IE Object Data Header Type Safe File Execution
[2423] Microsoft MCWNDX.OCX ActiveX Plugin Overflow
[2329] Microsoft SQL Server Named Pipe Hijacking Local Privilege Escalation
[2320] Microsoft ISA Server HTTP Error Handler XSS
[2306] Microsoft FrontPage Server Extensions SmartHTML Interpreter shtml.dll DoS
[2299] Microsoft SQL Server Named Pipe Handling Request Remote DoS
[2298] Microsoft ISA Server Error Page XSS
[2291] Microsoft IE DOM Script Source Recursive DoS
[2288] Microsoft Utility Manager Local Privilege Escalation
[2283] Microsoft Exchange OWA Execute Arbitrary Code
[2239] Microsoft NetMeeting Arbitrary File Write/Execution
[2106] Microsoft Media Services ISAPI nsiislog.dll Overflow
[2096] Microsoft ISA Server SurfControl Web Filter
[2062] CiscoSecure ACS For Windows Format String Overflow
[2061] Microsoft Outlook HTML Mail Script Execution
[2060] Microsoft IE Known Local File Script Execution
[2049] Microsoft Commerce Server ISAPI Long Authentication Overflow
[2047] Microsoft IE Content-Type Field Arbitrary File Execution
[2046] Microsoft IE Forced Script Execution
[2045] Microsoft IE HTML Document Directive Overflow
[2043] Microsoft Telnet Server Protocol Option Handling Remote Overflow
[2042] Microsoft Exchange System Attendant WinReg Remote Registry Key Manipulation
[2041] Microsoft Office for Macintosh Network PID Checker DoS
[2010] Microsoft SQL Server C Runtime Functions Format String DoS
[2008] Microsoft IE Same Origin Policy Violation
[2004] Microsoft IE Cross-frame Remote File Access
[1995] Microsoft IE Download Dialog File Extension Spoofing Weakness
[1992] Microsoft IE Cookie Disclosure
[1982] Microsoft IE about: URI XSS
[1978] Microsoft IE for Mac OS Download Execution
[1972] Microsoft IE HTTP Request Encoding Spoofing Weakness
[1971] Microsoft IE Dotless IP Zone Spoofing Weakness
[1968] Microsoft Excel/PowerPoint Macro Security Bypass
[1957] Microsoft Exchange OWA Malformed Request DoS
[1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
[1934] Microsoft ISA Server Invalid URL Error Message XSS
[1933] Microsoft ISA Server Proxy Service Memory Leak DoS
[1932] Microsoft ISA Server H.323 Memory Leak DoS
[1931] Microsoft IIS MIME Content-Type Header DoS
[1930] Microsoft IIS SSI ssinc.dll Filename Handling Overflow
[1927] Window Maker wmaker Long Windows Title overflow
[1902] Microsoft Outlook View ActiveX Arbitrary Command Execution
[1867] Microsoft Word Document Macro Execution
[1864] Microsoft SQL Server Administrator Cached Connection
[1856] Microsoft Exchange OWA Embedded Script Execution
[1852] Microsoft Outlook Address Book Spoofing Weakness
[1838] Microsoft Word .asd Macro File Execution
[1837] Microsoft Word RTF Template Macro Execution
[1832] Microsoft IE Spoofed SSL Certificates
[1831] Microsoft IE Server Certificate Validation Failure
[1826] Microsoft IIS Domain Guest Account Disclosure
[1824] Microsoft IIS FTP DoS
[1820] Microsoft Index Server Search Parameter Overflow
[1819] Windows 2000 Kerberos LSA Memory Leak/DoS
[1804] Microsoft IIS Long Request Parsing Remote DoS
[1789] Microsoft ISA Server Web Proxy Malformed HTTP Request Parsing Remote DoS
[1770] Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS
[1750] Microsoft IIS File Fragment Disclosure
[1724] Microsoft Web Client Extender NTLM Credential Disclosure
[1685] Microsoft IE .lnk/.url Arbitrary Command Execution
[1650] Microsoft Exchange Server EUSR_EXSTOREEVENT Default Account
[1609] Microsoft NetMeeting Remote Desktop Sharing Malformed String Handling DoS
[1606] Microsoft IE Cached Web Credentials Disclosure
[1568] CiscoSecure ACS for Windows CSAdmin Login Overflow DoS
[1553] Microsoft WebTV annclist.exe Malformed UDP Packet Parsing Remote DoS
[1543] Microsoft NT/IIS Invalid URL Request DoS
[1537] Microsoft Outlook Rich Text Format Information Disclosure
[1530] Microsoft Money Cleartext Password Storage
[1510] Microsoft IE Folder.htt Modification Privilege Escalation
[1505] Microsoft Word Mail Merge Arbitrary Command Execution
[1504] Microsoft IIS File Permission Canonicalization Bypass
[1502] Microsoft IE Scriptlet Rendering
[1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
[1477] Windows NT FTP Server (WFTP) STAT/LIST Command Parsing Remote DoS
[1475] Microsoft Outlook/Express Cache Bypass
[1467] Microsoft Outlook/Express GMT Field Buffer Overflow
[1465] Microsoft IIS .htr Missing Variable DoS
[1464] Microsoft IE/Outlook DHTMLED / IFRAME Arbitrary File Access
[1461] Microsoft Enterprise Manager DTS Package Password Disclosure
[1455] Microsoft Excel REGISTER.ID Function Arbitrary Code Execution
[1451] Microsoft SQL Server Stored Procedure Local Permission Restriction Bypass
[1428] Microsoft IE/Office ActiveX Object Execution
[1427] Microsoft IE VBA Code Execution
[1378] Microsoft IE SSL Certificates Validation Failure (v1)
[1369] Microsoft SQL Server DTS Password Disclosure
[1368] Microsoft Media Encoder Request Parsing Local DoS
[1342] Microsoft IE DocumentComplete() Cross Frame Access
[1341] Microsoft IE ActiveX Combined Component Attributes
[1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
[1326] Microsoft IE Crafted URL Cross Domain Cookie Disclosure
[1325] Microsoft IIS Malformed Filename Request File Fragment Disclosure
[1322] Microsoft IIS Malformed .htr Request DoS
[1281] Microsoft IIS Escaped Character Saturation Remote DoS
[1272] Microsoft Excel XLM Arbitrary Macro Execution
[1261] Microsoft IIS Chunked Transfer Encoding Remote Overflow DoS
[1250] Microsoft SQL Server Non-Validated Query
[1244] Microsoft Clip Art Buffer Overflow
[1210] Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
[1209] Microsoft Terminal Server rdisk Registry Information Disclosure
[1208] Microsoft East Asian Word Conversion Document Arbitrary Command Execution
[1207] Microsoft SMS Remote Control Weak Permission Privilege Escalation
[1188] Microsoft CIS IMAP Server Remote Overflow
[1170] Microsoft IIS Escape Character URL Access Bypass
[1156] Microsoft IE MSDXM.OCX vnd.ms.radio URL Handling Overflow
[1152] Microsoft IE Web Proxy Auto-Discovery Unauthorized Proxy Reconfiguration
[1145] Microsoft IE Offline Browsing Pack Task Scheduler
[1143] Microsoft SQL Server TDS Header NULL Data Handling Remote DoS
[1139] Microsoft Rich Text Format (RTF) Reader Malformed Control Word Overflow
[1130] Windows NT FTP Server (WFTP) MKD/CWD Nested Command Remote Overflow
[1083] Microsoft IIS FTP NO ACCESS Read/Delete File
[1082] Microsoft IIS Domain Resolution Access Bypass
[1069] Microsoft IE Import/Export Favorites
[1056] Microsoft Java Virtual Machine Sandbox Bypass
[1054] Microsoft IE scriptlet.typelib ActiveX Arbitrary Command Execution
[1052] Microsoft Jet Database Text I-ISAM Arbitrary File Modification
[1041] Microsoft IIS Malformed HTTP Request Header DoS
[1032] Microsoft FrontPage PWS GET Request Handling Remote DoS
[1031] Microsoft Exchange Server Encapsulated SMTP Address Open Relay
[1020] Microsoft IIS ISAPI GetExtensionVersion() Privilege Escalation
[1019] Microsoft Taskpads Feature Arbitrary Script Injection
[956] Windows NT RAS Phonebook Overflow
[946] Windows NT KnownDLLs Modification Privilege Escalation
[930] Microsoft IIS Shared ASP Cache Information Disclosure
[929] Microsoft IIS FTP Server NLST Command Overflow
[928] Microsoft IIS Long Request Log Evasion
[925] Microsoft Excel 97 CALL Arbitrary Command Execution
[922] Microsoft NetMeeting Clipboard Remote Overflow
[878] Microsoft SQL Resolution Service Keep-Alive Function DoS
[866] Microsoft Remote Data Protocol (RDP) Implementation Cryptographic Information Disclosure
[863] Microsoft Exchange Malformed Mail Attribute DoS
[852] Microsoft Exchange EHLO Long Hostname Overflow
[831] Microsoft Site Server LDAP_Anonymous Account Default Password
[827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
[815] Microsoft IIS ASP.NET trace.axd Application Tracing Information Disclosure
[814] Microsoft IIS global.asa Remote Information Disclosure
[782] Microsoft IIS / Site Server codebrws.asp Arbitrary File Access
[771] Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation
[768] Microsoft IIS ASP Chunked Encoding Heap Overflow
[763] Microsoft IE VBScript Mis-Handling Arbitrary File Access
[687] Multiple Vendor FTPD on Windows Floppy Request CPU Consumption DoS
[685] Cisco PIX Firewall Manager (PFM) on Windows Web Interface Traversal Arbitrary File Access
[636] Microsoft IIS sqlqhit.asp Sample Script CiScope Parameter Information Disclosure
[630] Microsoft IIS Multiple Malformed Header Field Internal IP Address Disclosure
[626] Microsoft Exchange OWA fumsg.asp Global Address List (GAL) Disclosure
[601] Microsoft Exchange Server LDAP Bind Function Overflow
[574] OpenWindows winselection Race Condition Privileged Content Disclosure
[568] Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
[564] Microsoft IIS ISM.dll Fragmented Source Disclosure
[558] Microsoft SQL Server 0x02 Packet Remote Information Disclosure
[556] Microsoft IIS/PWS Encoded Filename Arbitrary Command Execution
[553] Microsoft Index Server Malformed Search Arbitrary Server-side Include File Access
[531] Microsoft SQL Server Registry Key Permission Weakness Privilege Escalation
[525] Microsoft IIS Webserver Invalid Filename Request Arbitrary Command Execution
[516] Microsoft Point-to-Point Tunneling Protocol (PPTP) Encryption Weakness
[482] Microsoft IIS FrontPage Server Extensions (FPSE) Malformed Form DoS
[475] Microsoft IIS bdir.htr Arbitrary Directory Listing
[474] Microsoft IIS / Site Server viewcode.asp Arbitrary File Access
[473] Microsoft IIS Multiple .cnf File Information Disclosure
[471] Microsoft IIS ServerVariables_Jscript.asp Path Disclosure
[470] Microsoft IIS Form_JScript.asp XSS
[463] Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
[457] Microsoft Exchange Malformed MIME Header DoS
[436] Microsoft IIS Unicode Remote Command Execution
[425] Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
[414] OpenWindows ttyselection Race Condition Privileged Content Disclosure
[396] Microsoft FrontPage shtml.exe MS-DOS Device Name Request DoS
[391] Microsoft IIS IDA/IDQ Document Root Path Disclosure
[390] Microsoft IIS Translate f: Request ASP Source Disclosure
[386] Windows NT FTP Server (WFTP) Unauthenticated MLST Command Remote DoS
[384] Windows 2000 Service Control Manager Named Pipe Impersonation
[380] MySQL Server on Windows Default Null Root Password
[365] Windows NT FTP Server (WFTP) Out of Sequence RNTO Command Remote DoS
[342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
[308] Microsoft IIS Malformed File Extension URL DoS
[307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
[285] Microsoft IIS repost.asp File Upload
[284] Microsoft IIS IISADMPWD Virtual Directory Information Enumeration
[283] Microsoft IIS /iissamples Multiple Sample Scripts Installed
[282] Microsoft FrontPage dvwssr.dll Backdoor and Overflow
[277] Microsoft IIS / PWS %2e Request ASP Source Disclosure
[276] Microsoft IIS ASP::$DATA Stream Request ASP Source Disclosure
[275] Microsoft IIS newdsn.exe Remote Arbitrary File Creation
[274] Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution
[273] Microsoft IIS Upgrade ism.dll Local Privilege Escalation
[272] Microsoft IIS MDAC RDS Arbitrary Remote Command Execution
[271] Microsoft IIS WebHits null.htw .asp Source Disclosure
[241] Windows NT FTP Server (WFTP) Unpassworded Guest Account
[111] Microsoft Personal Web Server Multiple Dot Request Arbitrary File Access
[98] Microsoft IIS perl.exe HTTP Path Disclosure
[97] Microsoft IIS ISM.DLL HTR Request Overflow
[96] Microsoft IIS idq.dll Traversal Arbitrary File Access
[68] Microsoft FrontPage Extensions .pwd File Permissions
[67] Microsoft FrontPage Extension shtml.dll Anonymous Account Information Disclosure
[7] Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access
[4] Microsoft IIS ExAir advsearch.asp Direct Request Remote DoS
[3] Microsoft IIS ExAir query.asp Direct Request Remote DoS
[2] Microsoft IIS ExAir search.asp Direct Request DoS
| 445 | tcp | open syn-ack | microsoft-ds | | | |
| 2179 | tcp | open syn-ack | vmrdp | | | |
| 5357 | tcp | open syn-ack | http | Microsoft HTTPAPI httpd | 2.0 | SSDP/UPnP |
cpe:/o:microsoft:windows
vulscan
VulDB - https://vuldb.com:
[176520] Microsoft Windows 10 20H2 up to Server 2004 DWM Core Library unknown vulnerability
[176499] Microsoft Windows 10 20H2/10 21H1/10 2004/Server 20H2/Server 2004 Bind Filter Driver information disclosure
[176494] Microsoft Windows 10 20H2 up to Server 2004 Kernel information disclosure
[174866] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174865] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 HTTP Protocol Stack unknown vulnerability
[174863] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174862] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Container Manager Service unknown vulnerability
[174847] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Desktop Bridge denial of service
[174845] Microsoft Windows 10 20H2 up to 10 2004 WalletService unknown vulnerability
[174841] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Media Foundation Core unknown vulnerability
[174835] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB Client Security Feature unknown vulnerability
[172920] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 SMB information disclosure
[171009] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V unknown vulnerability
[169521] Microsoft Windows 10 20H2/10 2004/Server 20H2/Server 2004 Network File System denial of service
[167636] Microsoft Windows 10 20H2 up to Server 2004 Hyper-V denial of service
[160939] Microsoft Windows up to Server 2004 InstallService privilege escalation
[160911] Microsoft Windows up to Server 2004 StartTileData.dll privilege escalation
[160905] Microsoft Windows up to Server 2004 StartTileData.dll information disclosure
[160903] Microsoft Windows 10 2004 Shell Infrastructure privilege escalation
[160868] Microsoft Windows 10 2004/Server 2004 Projected Filesystem privilege escalation
[159510] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4.7.2/4.8 privilege escalation
[159509] Microsoft Windows 10 1909/10 2004 Codecs Library memory corruption
[159500] Microsoft Windows up to Server 2004 Codecs Library memory corruption
[159496] Microsoft Windows up to 10 2004 Codecs Library memory corruption
[157988] Microsoft Windows 10 2004/Server 2004 Subsystem for Linux privilege escalation
[157973] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157972] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157971] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157970] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157969] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157968] Microsoft Windows 2012/2012 R2/2016/Server 2008 R2 SP1 Hyper-V RemoteFX vGPU privilege escalation
[157881] Microsoft Windows up to Server 2004 Font Driver Host memory corruption
[156422] Microsoft Windows 10 2004/Server 2004 SMBv3 denial of service
[156421] Microsoft Windows up to Server 2004 SMBv3 information disclosure
[156410] Microsoft Windows up to Server 2004 Windows Runtime privilege escalation
[156401] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156399] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156386] Microsoft Windows up to Server 2004 GDI+ memory corruption
[156381] Microsoft Windows up to Server 2004 Kernel privilege escalation
[156370] Microsoft Windows 10 2004/Server 2004 Connected User Experiences/Telemetry Service privilege escalation
[156360] Microsoft Windows up to Server 2004 Windows Service information disclosure
[156349] Microsoft Windows up to Server 2004 Update Orchestrator Service privilege escalation
[156303] Microsoft Windows 10 1709/10 1803/10 1809/10 1903/Server 2004 Feedback Hub privilege escalation
[155152] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Media Foundation memory corruption
[153197] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[149948] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[146875] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 COM Server privilege escalation
[146803] Microsoft Visual Studio 2008 Express XML External Entity
[145342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k Graphics memory corruption
[143116] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI information disclosure
[143115] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
[143114] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[143099] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 NTLMv2 weak encryption
[141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
[141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
[139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
[139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
[139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
[137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
[136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k privilege escalation
[131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
[127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
[125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
[123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
[122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK privilege escalation
[122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
[119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
[116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
[114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
[113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
[113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
[113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
[113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
[113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
[111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
[111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
[111566] Microsoft Word 2007/2010/2013/2016 memory corruption
[111565] Microsoft Word 2007/2010/2013 Email Message privilege escalation
[111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
[111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
[109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
[109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro 7PK Security Features
[109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
[107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
[106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library Data Processing Error
[102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
[102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
[102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
[102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 memory corruption
[102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Data Processing Error
[102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 7PK Security Features
[102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga information disclosure
[101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
[101017] Microsoft Office 2007 SP3/2010 SP2/2016 Data Processing Error
[101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
[101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory information disclosure
[100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
[99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication EsteemAudit privilege escalation
[99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
[99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
[99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message memory corruption
[99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex privilege escalation
[98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Immortal/ExploidingCan memory corruption
[98092] Microsoft SharePoint Server 2007 SP3 memory corruption
[98088] Microsoft SharePoint Server 2007 SP3 memory corruption
[98087] Microsoft Office 2007 SP3/2010 SP2 information disclosure
[98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[98085] Microsoft Excel 2007 SP3 memory corruption
[98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
[98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
[98078] Microsoft Word/Excel 2007 SP3 memory corruption
[98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component memory corruption
[98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
[98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
[94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
[94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
[94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
[94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
[94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[94439] Microsoft Office 2007 SP3/2011 information disclosure
[94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[93541] Microsoft Office 2007 SP3 privilege escalation
[93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
[93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
[93537] Microsoft Office 2007/2010 SP2/2011 information disclosure
[93396] Microsoft Office 2007/2010/2011 memory corruption
[93395] Microsoft Office 2007/2010/2011 memory corruption
[93394] Microsoft Office 2007/2010 memory corruption
[92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
[91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
[91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91552] Microsoft Office 2007/2010/2013/2013 RT/2016 privilege escalation
[91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
[91545] Microsoft Office 2007/2010 memory corruption
[91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
[90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
[90705] Microsoft Office 2007/2010/2011 memory corruption
[90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
[89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1
memory corruption [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption [88885] Microsoft Office 2000 SP1 Service Pack 2 privilege escalation [88781] Microsoft Windows 2000 Active Directory Schema privilege escalation [88765] Microsoft Windows 2000/2000 SP1/2000 SP2 Service Pack 3 privilege escalation [88655] Microsoft Windows 2000 DNS Server privilege escalation [88644] Microsoft Windows 2000 Active Directory Kerberos Ticket Logging privilege escalation [88583] Microsoft IIS 2.0/2.5 URLScan information disclosure [88236] Microsoft Windows NT 4.0/2000/Server 2003/XP SNMP WINS privilege escalation [88157] Microsoft Windows 2000/NT Password Policy weak authentication [88155] Microsoft Windows 2000/NT/XP LAN Manager weak encryption [88154] Microsoft Windows 2000/NT Username information disclosure [88153] Microsoft Windows 2000/NT information disclosure [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory privilege escalation [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL privilege escalation [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript privilege escalation [87147] Microsoft Office 2007/2010 memory corruption [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption [87144] 
Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption [84364] Microsoft PowerPoint 2000/2002/2003 mso.dll memory corruption [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption [81273] Microsoft Office 2007/2010/2013/2016 privilege escalation [81272] Microsoft Office 2007/2010/2013 memory corruption [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader privilege escalation [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader privilege escalation [79505] Microsoft Office 2007 memory corruption [79504] Microsoft Office 2007/2010/2013/2016 privilege escalation [79503] Microsoft Office 2007/2010/2013 memory corruption [79502] Microsoft Office 2007/2010/2011 memory corruption [79501] Microsoft Office 2007/2010 memory corruption [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe Numeric Error [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services information disclosure [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image privilege escalation [77629] Microsoft 
Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font privilege escalation [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V 7PK Security Features [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function privilege escalation [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 privilege escalation [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption [74845] Microsoft Office 2007/2010/2013 Document memory corruption [74844] Microsoft Office 2007/2010 Document memory corruption [74837] Microsoft Office 2007/2010/2011/2013 RTF Document denial of service [73979] Microsoft 
Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting [71337] Microsoft Office 2000/2004/XP privilege escalation [69158] Microsoft Office 2007/2010/2013 memory corruption [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream denial of service [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet denial of service [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 privilege escalation [60065] Microsoft Windows 2000 mod_sql information disclosure [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet privilege escalation [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption [58488] Microsoft Office 2007/2010 privilege escalation [57691] Microsoft SQL Server 2008 Web Service information disclosure [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption [57689] Microsoft Excel 2002 Spreadsheet memory corruption [57688] Microsoft Excel 2002 Spreadsheet memory corruption [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption [57686] Microsoft Excel 2002 Spreadsheet memory corruption [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption [57420] Microsoft PowerPoint 2002/2003 memory corruption [57079] Microsoft PowerPoint 2002/2003/2007/2010 privilege escalation [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability [57077] Microsoft Excel 2002 memory corruption [57076] Microsoft Excel 
2002/2003 memory corruption [57075] Microsoft Excel 2002/2003 memory corruption [57074] Microsoft Excel 2002 memory corruption [57073] Microsoft Excel 2002/2003/2007/2010 Numeric Error [56475] Microsoft Office 2004/2008 privilege escalation [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption [55765] Microsoft Office 2003/Xp Numeric Error [55764] Microsoft Office 2003/Xp memory corruption [55420] Microsoft Office 2007/2010 memory corruption [55419] Microsoft Office 2004/2008/2011/Xp memory corruption [55412] Microsoft PowerPoint Viewer 2007 Numeric Error [55411] Microsoft PowerPoint 2002/2003 memory corruption [54995] Microsoft Office 2004/2008 privilege escalation [54994] Microsoft Office 2004/2008 privilege escalation [54993] Microsoft Office Compatibility Pack 2007 privilege escalation [54992] Microsoft Excel 2002 privilege escalation [54991] Microsoft Office 2004 Future privilege escalation [54990] Microsoft Office 2004 privilege escalation [54989] Microsoft Office 2004/2008 privilege escalation [54988] Microsoft Excel 2002 privilege escalation [54987] Microsoft Excel 2002 privilege escalation [54986] Microsoft Excel 2002/2003 privilege escalation [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 privilege escalation [54984] Microsoft Office 2004/2008 privilege escalation [54983] Microsoft Excel 2002 Numeric Error [54980] Microsoft Word 2002/2003 privilege escalation [54979] Microsoft Word 2002 privilege escalation [54978] Microsoft Word 2002 privilege escalation [54977] Microsoft Word 2002 privilege escalation [54976] Microsoft Word 2002 denial of service [54975] Microsoft Word 2002 privilege escalation [54974] Microsoft Word 2002 privilege escalation [54973] Microsoft Word 2002 privilege escalation [54972] Microsoft Word 2002 privilege escalation [54971] Microsoft Word 2002 privilege escalation [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service [54757] Microsoft SharePoint 
Server 2007 HTML Sanitization SafeHTML cross site scripting [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery [54550] Microsoft PowerPoint 2007 rpawinet.dll privilege escalation [54322] Microsoft Word 2002/2003 privilege escalation [54321] Microsoft Office Compatibility Pack 2007 memory corruption [54320] Microsoft Office Compatibility Pack 2007 privilege escalation [54319] Microsoft Office Compatibility Pack 2007 privilege escalation [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces privilege escalation [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll privilege escalation [53591] Microsoft Windows Server 2003 GetServerName cross site scripting [53505] Microsoft Excel 2002/2007 privilege escalation [53504] Microsoft Excel 2002 privilege escalation [53503] Microsoft Excel 2002 privilege escalation [53502] Microsoft Excel 2002 privilege escalation [53501] Microsoft Excel 2002 privilege escalation [53500] Microsoft Excel 2002 privilege escalation [53499] Microsoft Excel 2002 privilege escalation [53498] Microsoft Excel 2002 privilege escalation [53497] Microsoft Excel 2002 privilege escalation [53496] Microsoft Excel 2002 privilege escalation [53495] Microsoft Excel 2002/2003/2007 privilege escalation [53494] Microsoft Excel 2002 privilege escalation [53493] Microsoft Excel 2002/2003/2007 privilege escalation [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL privilege escalation [52148] Microsoft Office 2004/2007/2008 privilege escalation [52147] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation [52146] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption [52145] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation [52144] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation [52143] Microsoft Office 2004/2007/2008 Spreadsheet privilege escalation [52036] Microsoft 
Windows 2000 MsgBox memory corruption [51995] Microsoft SharePoint Server up to 2006 cross site scripting [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption [51802] Microsoft PowerPoint 2003 memory corruption [51801] Microsoft PowerPoint 2003 memory corruption [51800] Microsoft PowerPoint 2002/2003 privilege escalation [51799] Microsoft PowerPoint 2002/2003 privilege escalation [51798] Microsoft PowerPoint 2002/2003 memory corruption [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 privilege escalation [51074] Microsoft Office 2002/2003 Numeric Error [50794] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50793] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50792] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50791] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50790] Microsoft Office 2004/2008 Spreadsheet memory corruption [50789] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50788] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50787] Microsoft Office 2004/2008 Spreadsheet privilege escalation [50786] Microsoft Windows 2000 llssrv.exe memory corruption [50660] Microsoft SharePoint Server 2007 privilege escalation [50443] Microsoft PowerPoint 2007 Numeric Error [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 privilege escalation [49866] Microsoft Windows Server 2003 privilege escalation [49745] Microsoft Windows Server 2003 denial of service [49395] Microsoft Office 2000/2003/XP Office Web Components memory corruption [49394] Microsoft Windows Server 2003 privilege escalation [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption [49389] Microsoft Office 2000/2003/XP Office Web Components denial of service [49198] Microsoft Visual Studio 2005 information disclosure [49046] Microsoft Windows Server 2003 quartz.dll privilege 
escalation [49045] Microsoft Windows Server 2003 quartz.dll privilege escalation [49044] Microsoft ISA Server 2006 privilege escalation [48894] Microsoft Windows Server 2003 msvidctl.dll privilege escalation [48572] Microsoft PowerPoint 2002 FL21WIN.DLL privilege escalation [48554] Microsoft Excel 2000/2003/2007 privilege escalation [48517] Microsoft Windows 2000 denial of service [48516] Microsoft Windows Server 2008 privilege escalation [48515] Microsoft Office Word Viewer 2003 memory corruption [48514] Microsoft Office Word Viewer 2003 memory corruption [48512] Microsoft Windows Server 2008 privilege escalation [48157] Microsoft PowerPoint 2002 Sound memory corruption [48156] Microsoft PowerPoint 2000 memory corruption [48155] Microsoft PowerPoint 2002 Notes Container memory corruption [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption [48153] Microsoft PowerPoint 2002 Sound privilege escalation [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption [48151] Microsoft PowerPoint 2002 memory corruption [48150] Microsoft PowerPoint 2002 Sound privilege escalation [48149] Microsoft PowerPoint 2002 privilege escalation [48148] Microsoft PowerPoint 2002 Sound privilege escalation [48147] Microsoft PowerPoint 2002 Sound privilege escalation [48146] Microsoft PowerPoint 2002 Numeric Error [47719] Microsoft Windows 2000 memory corruption [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet denial of service [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV privilege escalation [47715] Microsoft Windows 2000 Wordpad memory corruption [47091] Microsoft Windows Server 2008 privilege escalation [47090] Microsoft Windows Server 2008 privilege escalation [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe privilege escalation [46455] Microsoft Exchange Server 2007 privilege escalation [46454] Microsoft Exchange Server 2007 denial of service [46327] Microsoft Word 2007 information disclosure [45381] Microsoft Windows Server 2008/Vista 
SP1 Explorer denial of service [45380] Microsoft Windows Server 2008/Vista SP1 Search denial of service [45379] Microsoft Office SharePoint Server 2007 weak authentication [45197] Microsoft Windows 2000 nskey.dll memory corruption [45063] Microsoft Windows Server 2003 Active Directory information disclosure [45040] Microsoft .NET Framework 2.0.50727 Code Access Security weak encryption [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability [44589] Microsoft Exchange Server 2003 Outlook Web Access directory traversal [44533] Microsoft Windows 2000 mqsvc.exe privilege escalation [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption [43957] Microsoft Office 2003/2007/Xp gdiplus.dll Numeric Error [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption [43955] Microsoft Office 2003/2007/Xp gdiplus.dll denial of service [43952] Microsoft Office 2003/2007/Xp URI privilege escalation [43676] Microsoft Windows 2000/Server 2003/Vista/XP privilege escalation [43675] Microsoft Windows 2000/Server 2003/Vista/XP of privilege escalation [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 denial of service [43661] Microsoft PowerPoint Viewer 2003 denial of service [43660] Microsoft PowerPoint Viewer 2003 denial of service [43657] Microsoft Office 2000/2003/Xp denial of service [43654] Microsoft SharePoint Server 2007 denial of service [43653] Microsoft Office 2000/2002/2004/2008 privilege escalation [43652] Microsoft Office 2000/2002/2003/2004/2008 privilege escalation [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS unknown vulnerability [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx privilege 
escalation [42816] Microsoft Word 2000/2003 denial of service [42732] Microsoft Windows Server 2003/Vista/XP privilege escalation [42731] Microsoft Windows Server 2003 privilege escalation [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting [41881] Microsoft Office 2003/2007/2007 Sp1/Xp denial of service [41880] Microsoft Project 2000/2002/2003 denial of service [41879] Microsoft Windows 2000/Server 2003/Vista memory corruption [41878] Microsoft Windows 2000/Server 2003/Vista weak authentication [41877] Microsoft Windows Server 2003 vbscript.dll privilege escalation [41455] Microsoft Office 2000/2003/2004/Xp privilege escalation [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption [41453] Microsoft Excel 2000/2002/2003 privilege escalation [41452] Microsoft Excel 2000/2002/2003/2007 privilege escalation [41451] Microsoft Excel 2000/2002/2003 privilege escalation [41450] Microsoft Excel 2000 privilege escalation [41449] Microsoft Excel 2000/2002/2003 privilege escalation [41448] Microsoft Office 2000/Xp Office Web Components privilege escalation [41003] Microsoft Office 2000/2003/2004/Xp denial of service [41002] Microsoft Office 2000/2003/Xp denial of service [40987] Microsoft Windows 2000 privilege escalation [40020] Microsoft Office 2007 ZIP Container privilege escalation [39769] Microsoft Windows 2000 cryptgenrandom information disclosure [39749] Microsoft Windows 2000 msjet40.dll memory corruption [39655] Microsoft Windows Server 2003 Configuration [39324] Microsoft Windows Mobile 2005 SMS privilege escalation [38999] Microsoft Windows Server 2003 explorer.exe denial of service [38899] Microsoft ISA Server 2004 information disclosure [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption [38326] Microsoft Windows 2000 attemptwrite Numeric Error [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption [37738] Microsoft Office 2002/2003 memory corruption [37566] Microsoft Excel 2003 unknown 
vulnerability [37526] Microsoft Windows 2000/Server 2003 denial of service [37251] Microsoft Windows 2000 memory corruption [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption [36628] Microsoft Word 2000/2002/2003/2004 winword.exe privilege escalation [36621] Microsoft Exchange Server 2000 Numeric Error [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting [36619] Microsoft Exchange Server 2000/2003/2007 MIME memory corruption [36618] Microsoft Exchange Server 2000 denial of service [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption [36515] Microsoft Windows 2000/Server 2003/XP memory corruption [36052] Microsoft Windows 2000 memory corruption [36051] Microsoft Word 2007 file798-1.doc memory corruption [36050] Microsoft Word 2007 file789-1.doc memory corruption [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting [36002] Microsoft Windows 2000/XP denial of service [35846] Microsoft Windows 2000/Server 2003 Default Configuration [35373] Microsoft Excel 2003 denial of service [35372] Microsoft Office 2003 denial of service [35206] Microsoft Windows Server 2003/XP denial of service [35161] Microsoft ISA Server 2004 unknown vulnerability [35001] Microsoft Office 2000/2003/2004/Xp privilege escalation [35000] Microsoft Word 2000/2002/2003 privilege escalation [34994] Microsoft Windows 2000 OLE Dialog memory corruption [34993] Microsoft Office 2000/2003/Xp memory corruption [34322] Microsoft Office 2000/2003/Xp memory corruption [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet memory corruption [34320] Microsoft Office 2000/2003/2004/Xp memory corruption [34319] Microsoft Office 2000/2003/2004/Xp memory corruption [34318] Microsoft Office 2000/2003/2004/Xp memory corruption [34126] Microsoft Office 2003 memory corruption [34122] Microsoft Office Web Components 2000 privilege escalation [33851] Microsoft Word 
2000/2002/2003 12122006-djtest.doc memory corruption [33766] Microsoft Word 2000/2002/2003 memory corruption [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption [32694] Microsoft Windows 2000 privilege escalation [32693] Microsoft Word 2004 memory corruption [32690] Microsoft Office 2000/2003/2004/Xp privilege escalation [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption [32687] Microsoft Word 2000/2002 memory corruption [32686] Microsoft Office 2000/2001/2003/2004 Numeric Error [32685] Microsoft Office 2000/2001/2003/2004 memory corruption [32676] Microsoft Office 2000/2001/2003/2004 privilege escalation [32675] Microsoft Office 2000/2003/2004/Xp privilege escalation [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service [31354] Microsoft PowerPoint 2003 memory corruption [31351] Microsoft ISA Server 2004 Filters unknown vulnerability [31318] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation [31317] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation [31316] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation [31313] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation [31312] Microsoft Excel 2000/2002/2003/2004/XP privilege escalation [31311] Microsoft Excel 2000/2002/2003/XP privilege escalation [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption [31237] Microsoft Office 2000/2003/Xp privilege escalation [31235] Microsoft Office 2000/2003/Xp memory corruption [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption [31133] Microsoft Windows Server 2003/XP explorer.exe memory corruption [30801] Microsoft Windows up to 2000 Connection Manager memory corruption [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator denial of service [29524] Microsoft ISA Server 2004 
unknown vulnerability [29423] Microsoft Office 2000/2003/2004/Xp excel.exe privilege escalation [29209] Microsoft Office 2000/2003/2004/Xp memory corruption [29208] Microsoft Office 2000/2003/2004/Xp memory corruption [29207] Microsoft Office 2000/2003/2004/Xp memory corruption [29206] Microsoft Office 2000/2003/2004/Xp memory corruption [29205] Microsoft Office 2000/2003/2004/Xp memory corruption [28987] Microsoft Windows NT 4.0/2000/Server 2003 Default Configuration denial of service [28939] Microsoft Word 2003 denial of service [28452] Microsoft Windows 2000/Server 2003/XP unknown vulnerability [28254] Microsoft Windows 2000 Rendering Engine extescape denial of service [27519] Microsoft Windows Server 2003/XP mshtml.dll denial of service [27160] Microsoft Windows 2000/XP Rendering Engine gdi32.dll memory corruption [26618] Microsoft Windows 2000/XP Subsystem memory corruption [25518] Microsoft ISA Server 2000 Packet Filter unknown vulnerability [25517] Microsoft ISA Server 2000 unknown vulnerability [25397] Microsoft ISA Server 2000 wspsrv.exe denial of service [24907] Microsoft Windows 2000 TCP/IP Stack denial of service [24822] Microsoft Outlook 2003 Outlook Web Access weak authentication [24746] Microsoft Windows 2000/ME Explorer denial of service [24640] Microsoft Office InfoPath 2003 SP1 information disclosure [24510] Microsoft Word 2000/2002/2003 memory corruption [24283] Microsoft Windows 2000/Server 2003/XP memory corruption [24252] Microsoft Windows 2000/NT memory corruption [22602] Microsoft Windows 2000/NT BASE winhlp32.exe memory corruption [22126] Microsoft Outlook 2003 Access Restriction privilege escalation [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access privilege escalation [68409] Microsoft Office 2007/2010/2013 memory corruption [68408] Microsoft Excel 2007/2010/2013 privilege escalation [68407] Microsoft Excel 2007/2010 privilege escalation [68405] Microsoft Word 2007/2010 Index privilege escalation [68195] Microsoft Windows 
7/Server 2003/Server 2008/Vista Input Method Editor privilege escalation [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack privilege escalation [68188] Microsoft Word 2007 File privilege escalation [68187] Microsoft Word 2007 File privilege escalation [68186] Microsoft Word 2007 File privilege escalation [67829] Microsoft Office 2007/2010/2011 Object privilege escalation [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services denial of service [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query cross site scripting [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus denial of service [22011] Microsoft Windows Server 2003 idirectplay4 API denial of service [21967] Microsoft Windows 2000/ME Media Player cross site scripting [21899] Microsoft Windows Server 2003/XP Help/Support Center dvdupgrd.htm memory corruption [21876] Microsoft Windows 98/2000/Server 2003/XP H.323 memory corruption [21873] Microsoft Windows ME/XP/NT 4.0/2000/Server 2003 memory corruption [21838] Microsoft Sharepoint Portal Server 2001 cross site scripting [21476] Microsoft Windows 2000 Message Queue Manager memory corruption [21448] Microsoft Windows up to 2000 SP3/XP Terminal Service msgina.dll denial of service [21095] Microsoft Windows up to 2000 SP3 SMTP Service denial of service [20978] Microsoft Windows Server 2003 Shell Link directory traversal [20961] Microsoft Windows up to 2000 SP4 Troubleshooter ActiveX Control Tshoot.ocx RunQuery2 memory corruption [20960] Microsoft Windows up to Server 2003 Authenticode privilege escalation [20662] Microsoft Windows up to 2000 SP3 shell32.dll ShellExecute memory corruption [20214] Microsoft ISA Server 2000 DNS Intrusion Detection Application Filter denial of service [20213] Microsoft Windows 2000 Script Engine for JScript JScript.dll JsArrayFunctionHeapSort Integer Coercion Error [20109] 
Microsoft Outlook 2002 V1 Exchange Server Security Certificate weak encryption
[19970] Microsoft Windows 2000 Active Directory privilege escalation
[19743] Microsoft Outlook 2002 javascript URI cross site scripting
[19742] Microsoft Outlook 2000/2002 IFRAME privilege escalation
[19719] Microsoft Windows up to 2000 SP2 DCOM Client information disclosure
[19623] Microsoft SQL Server up to 2000 SP2 Stored Procedure sp_MSSetServerProperties/sp_MSsetalertinfo privilege escalation
[19574] Microsoft Windows 2000/XP Log Size denial of service
[19518] Microsoft Exchange 2000 Request denial of service
[19515] Microsoft Exchange 2000 Remote Procedure Call denial of service
[19514] Microsoft SQL Server up to 2000 Authentication Password weak encryption
[19355] Microsoft Windows 2000 TCP Packet denial of service
[19218] Microsoft Outlook 2002 Header Field denial of service
[19105] Microsoft Windows 2000/XP PPTP Service memory corruption
[19082] Microsoft Windows 2000 SP2 SNMP LAN Manager denial of service
[19054] Microsoft Windows 2000/XP RDP denial of service
[19053] Microsoft Windows 2000/XP RDP weak encryption
[18800] Microsoft SQL Server 2000 Authentication memory corruption
[18789] Microsoft SQL Server 2000 SP2 Stored Procedure sp_MScopyscript privilege escalation
[18777] Microsoft Project 2000/2002 Office Web Components Copy/Paste privilege escalation
[18776] Microsoft Project 2000/2002 Office Web Components LoadText File information disclosure
[18774] Microsoft Project 2002 Office Web Components setTimeout privilege escalation
[18755] Microsoft SQL Server 2000 Jet Engine opendatasource memory corruption
[18615] Microsoft SQL Server 2000 0x08 Packet denial of service
[18598] Microsoft SQL Server 2000 Keep-Alive denial of service
[18597] Microsoft SQL Server 2000 Resolution Service memory corruption
[18596] Microsoft SQL Server 2000 Stored Procedure sql injection
[18595] Microsoft SQL Server 2000 DBCC memory corruption
[18593] Microsoft Word 2000 Mail Merge Tool privilege escalation
[18592] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18591] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18590] Microsoft Excel 2000/2002 Macro Security privilege escalation
[18537] Microsoft Outlook 2002 Windows Media Player player.launchurl cross site scripting
[18464] Microsoft Windows 2000 Terminal Server privilege escalation
[18411] Microsoft SQL Server 2000 Query memory corruption
[18410] Microsoft SQL Server 2000 Password Encryption memory corruption
[18346] Microsoft SQL Server 2000 SQLXML cross site scripting
[18345] Microsoft SQL Server 2000 SQLXML ISAPI Extension memory corruption
[18276] Microsoft Windows 2000 LANMAN Service denial of service
[18245] Microsoft Exchange 2000 RFC Message Attribute denial of service
[18138] Microsoft Word 2000/2002 Rich Text Format cross site scripting
[18130] Microsoft Windows 2000 denial of service
[17973] Microsoft Windows 2000 Shell memory corruption
[17960] Microsoft Windows 2000/XP SMTP Service denial of service
[17959] Microsoft Windows 2000 SMTP Service privilege escalation
[17955] Microsoft Exchange 2000 Privilege Registry privilege escalation
[17947] Microsoft Windows 2000 Telnet Server memory corruption
[17946] Microsoft Windows 2000/NT Authorization weak authentication
[17852] Microsoft ISA Server 2000 UDP Packet denial of service
[17834] Microsoft Windows 2000 NTFS privilege escalation
[17728] Microsoft Windows 2000 IKE denial of service
[17718] Microsoft Windows 2000/XP Network Address Translation weak authentication
[17389] Microsoft Windows 2000 IrDA Driver memory corruption
[17388] Microsoft ISA Server 2000 URL cross site scripting
[17374] Microsoft ISA Server 2000 H.323 denial of service
[17161] Microsoft Outlook 2002 View ActiveX Control privilege escalation
[17147] Microsoft Windows 2000 SMTP Service privilege escalation
[17056] Microsoft Windows 2000 Telnet Service denial of service
[17055] Microsoft Windows 2000 Telnet Domain User information disclosure
[17054] Microsoft Windows 2000 Telnet Service denial of service
[17053] Microsoft Windows 2000 Telnet Session denial of service
[17050] Microsoft Exchange 2000/5.5 Outlook Web Access cross site scripting
[17049] Microsoft Windows 2000 Message Request denial of service
[17015] Microsoft Exchange 2000/5.5 LDAP denial of service
[16917] Microsoft ISA Server 2000 Web Proxy denial of service
[16824] Microsoft Windows 2000 Internet Printing ISAPI Extension msw3prt.dll memory corruption
[16822] Microsoft Windows 2000 Kerberos denial of service
[16754] Microsoft Outlook up to 2000 Holiday Feature weak authentication
[16600] Microsoft Windows 2000 Event Viewer memory corruption
[16599] Microsoft Outlook 2000/98/5.0 vCard memory corruption
[16381] Microsoft Windows 2000 RDP denial of service
[16370] Microsoft Windows 2000/ME Web Extender Client privilege escalation
[16295] Microsoft Exchange 2000 User Account weak authentication
[16267] Microsoft Windows 2000 Telnet Service denial of service
[16055] Microsoft Windows 2000 System Monitor ActiveX Control memory corruption
[15985] Microsoft Windows up to XP Office 2000 File riched20.dll privilege escalation
[15965] Microsoft Windows 2000 NTLM Authentication telnet.exe privilege escalation
[15930] Microsoft Word 2000 Mail Merge Tool privilege escalation
[15907] Microsoft Word/Excel/Powerpoint 2000 Object Tag memory corruption
[15782] Microsoft Outlook up to 2000 Cache privilege escalation
[15773] Microsoft Outlook up to 2000 Date Field memory corruption
[15764] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 HTTP 1.0 Request IP Address information disclosure
[15726] Microsoft Windows 2000 Telnet Server denial of service
[15725] Microsoft Windows 2000 Port denial of service
[15542] Microsoft Office 2000 UA ActiveX Control Show Me privilege escalation
[15325] Microsoft Windows 2000 Share weak authentication
[15120] Microsoft IIS 2.0/3.0 ASP Source information disclosure
[14512] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion privilege escalation
[14465] Microsoft IIS 2.0/3.0/4.0/5.0 IISAPI Extension perl.exe information disclosure
[14423] Microsoft Windows 2000/NT PDC/BDC privilege escalation
[14418] Microsoft Windows 2000/NT OS/2/POSIX Subsystem privilege escalation
[14394] Microsoft Windows 2000/NT NT Alerter privilege escalation
[13908] Microsoft IIS 2.0/3.0 URL denial of service
[13545] Microsoft Word 2007 Embedded Font memory corruption
[13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll privilege escalation
[13397] Microsoft Windows 2000/Server 2003/XP DHCP Response weak authentication
[13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
[13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker privilege escalation
[13226] Microsoft SharePoint Server 2007/2010/2013 Page privilege escalation
[13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
[13224] Microsoft SharePoint Server 2007/2010/2013 Page privilege escalation
[12859] Microsoft Word 2003 Office Document memory corruption
[12845] Microsoft Word 2003 Office File memory corruption
[12844] Microsoft Word 2007/2010 Office File memory corruption
[12843] Microsoft Office 2007/2010/2011/2013 XML Parser denial of service
[12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
[12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager privilege escalation
[12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR privilege escalation
[12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document denial of service
[11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
[11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
[11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
[11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
[11230] Microsoft Word 2003 DOC Document denial of service
[11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
[11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
[11081] Microsoft Windows Server 2008/Vista TIFF Image privilege escalation
[10648] Microsoft Word 2007 Word File memory corruption
[10647] Microsoft Word 2003 Word File memory corruption
[10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
[10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
[10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
[10245] Microsoft Office 2003/2007/2010 Word File memory corruption
[10244] Microsoft Office 2003 SP3 Word File memory corruption
[10243] Microsoft Office 2003/2007 Word File memory corruption
[10242] Microsoft Office 2007 Word File memory corruption
[10241] Microsoft Office 2007 Word File memory corruption
[10240] Microsoft Office 2003/2007/2010 Word File memory corruption
[10239] Microsoft Office 2003/2007 Word File memory corruption
[10238] Microsoft Excel 2003/2007 XML External Entity Data memory corruption
[10237] Microsoft Excel 2003/2007/2010 XML External Entity Data privilege escalation
[10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
[10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
[10229] Microsoft Access 2007/2010/2013 Access File memory corruption
[10228] Microsoft Access 2007/2010/2013 Access File memory corruption
[10227] Microsoft Access 2007/2010/2013 Access File memory corruption
[10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
[10191] Microsoft Windows Server 2003/XP OLE Object memory corruption
[10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory privilege escalation
[10189] Microsoft Outlook 2007/2010 S/MIME denial of service
[9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL memory corruption
[9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services information disclosure
[9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize memory corruption
[9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
[9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array privilege escalation
[9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
[8737] Microsoft Word 2003 SP3 Shape Data Parser privilege escalation
[8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File privilege escalation
[7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server denial of service
[7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) memory corruption
[7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll privilege escalation
[7248] Microsoft Windows 7/Server 2008 R2 Print Spooler memory corruption
[7121] Microsoft Exchange 2007/2010 RSS Feed privilege escalation
[7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS privilege escalation
[7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
[6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
[6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
[6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar memory corruption
[6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery privilege escalation
[6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
[6918] Microsoft Excel 2007 SP2 Input Sanitizer memory corruption
[6830] Microsoft Word 2007/2010 File memory corruption
[6819] Microsoft Excel 2007 File memory corruption
[6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
[6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
[6621] Microsoft Word 2007 PAPX privilege escalation
[5945] Microsoft Office 2007/2010 memory corruption
[5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service Format String
[5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll privilege escalation
[5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX privilege escalation
[5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX privilege escalation
[5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
[5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys privilege escalation
[5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5649] Microsoft Office 2003/2007/2010 libraries privilege escalation
[5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
[5643] Microsoft SharePoint 2007/2010 privilege escalation
[5642] Microsoft SharePoint 2007 privilege escalation
[5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
[5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP privilege escalation
[5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 privilege escalation
[5362] Microsoft Office 2003/2007 GDI+ privilege escalation
[5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
[5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx Integer Coercion Error
[5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
[5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
[5050] Microsoft Office 2007 WPS Converter memory corruption
[5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
[5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
[5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification privilege escalation
[4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
[4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol privilege escalation
[4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service privilege escalation
[4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application privilege escalation
[4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
[4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll memory corruption
[4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll memory corruption
[4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
[4482] Microsoft Word 2007/2010/2011 Document Parser denial of service
[4480] Microsoft Excel 2003 privilege escalation
[4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management privilege escalation
[4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt privilege escalation
[4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
[4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader privilege escalation
[4471] Microsoft Office 2003/2007 Publisher privilege escalation
[4470] Microsoft Office 2003 SP3 privilege escalation
[4453] Microsoft Excel 2003 Record Parser privilege escalation
[4446] Microsoft Office 2007/2008 OfficeArt Record Parser privilege escalation
[4445] Microsoft Office 2007/2010/2011 Word Document Parser denial of service
[4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter Numeric Error
[4412] Microsoft Office 2003/2007 Library Loader privilege escalation
[4411] Microsoft Excel 2003 denial of service
[4409] Microsoft Windows Server 2003/Server 2008 WINS privilege escalation
[4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
[4393] Microsoft Windows Server 2008 DNS Service privilege escalation
[4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction information disclosure
[4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
[4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
[4369] Microsoft Excel 2002/2003/2007 privilege escalation
[4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
[4362] Microsoft Windows 7/Server 2008/Vista denial of service
[4349] Microsoft Office 2004/2007/2008 Presentation File Parser privilege escalation
[4348] Microsoft PowerPoint 2002/2003/2007 privilege escalation
[4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler privilege escalation
[4332] Microsoft PowerPoint 2007/2010 privilege escalation
[4301] Microsoft Windows Server 2003 SMB Browser memory corruption
[4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
[4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
[4296] Microsoft Windows Server 2003/XP LSASS weak authentication
[4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
[4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys privilege escalation
[4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum weak encryption
[4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
[4289] Microsoft Excel 2007 Shape Data Parser denial of service
[4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser privilege escalation
[4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
[4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC memory corruption
[4230] Microsoft Exchange 2007 on 64-bit RPC store.exe denial of service
[4229] Microsoft SharePoint 2007 Document Conversion Launcher Service unknown vulnerability
[4228] Microsoft Windows Server 2008 Hyper-V VMBus privilege escalation
[4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
[4204] Microsoft Windows Server 2008 Color Control Panel unknown vulnerability
[4197] Microsoft SharePoint 2007/3.0 cross site scripting
[4196] Microsoft Word 2002/2003/2007/2010 memory corruption
[4194] Microsoft Windows 7/Server 2008/Vista SChannel Client privilege escalation
[4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
[4186] Microsoft Outlook 2002/2003/2007 Content Parser memory corruption
[4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack memory corruption
[4162] Microsoft Windows 7/Server 2008/Vista Kernel race condition
[4159] Microsoft Excel 2002/2003 SXDB PivotTable privilege escalation
[4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel denial of service
[4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser privilege escalation
[4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD privilege escalation
[4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll privilege escalation
[4133] Microsoft Office 2003/2007/Xp COM Object Instantiator privilege escalation
[4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
[4107] Microsoft Windows 7/Server 2008 Kernel privilege escalation
[4103] Microsoft Windows Server 2003 Media Services memory corruption
[4090] Microsoft Excel 2002/2003/2007 privilege escalation
[4082] Microsoft PowerPoint 2002 SP3 memory corruption
[4069] Microsoft Project 2003/2007 Project Memory Validator denial of service
[4056] Microsoft Word 2002/2003 File Information Block Parser memory corruption
[4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar denial of service
[4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service memory corruption
[4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
[4000] Microsoft Office 2003/Sp3/Xp Web Components privilege escalation
[3999] Microsoft Office 2007 Pointer privilege escalation
[3974] Microsoft PowerPoint 2000/2002/2003 Sound Data memory corruption
[3973] Microsoft PowerPoint 2000/2002/2003 Notes Container memory corruption
[3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
[3971] Microsoft PowerPoint 2000/2002/2003 Object memory corruption
[3970] Microsoft PowerPoint 2000/2002/2003 Paragraph memory corruption
[3969] Microsoft PowerPoint 2000/2002/2003 Atom memory corruption
[3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG privilege escalation
[3952] Microsoft ISA Server 2004/2006 denial of service
[3946] Microsoft PowerPoint 2000/2002/2003/2004 privilege escalation
[3939] Microsoft Windows 2000 DNS privilege escalation
[3938] Microsoft Windows 2000 SSL weak authentication
[3937] Microsoft Windows 2000 privilege escalation
[3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference privilege escalation
[3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
[3892] Microsoft Excel 2000/2002/2003 Formula denial of service
[3891] Microsoft Excel 2000/2002/2003 denial of service
[3890] Microsoft Excel 2000/2002/2003 NAME Index denial of service
[3889] Microsoft Word 2000/2002/2003/2007 Table Property memory corruption
[3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet denial of service
[3887] Microsoft Word 2000/2002/2003/2007 denial of service
[3886] Microsoft Word 2000/2002/2003/2007 ControlWord memory corruption
[3885] Microsoft Word 2000/2002/2003/2007 denial of service
[3884] Microsoft Word 2000/2002/2003/2007 denial of service
[3883] Microsoft Word 2000/2002/2003/2007 RTF memory corruption
[3882] Microsoft Word 2000/2002/2003/2007 LFO privilege escalation
[3845] Microsoft Windows 2000 SP4 Active Directory denial of service
[3844] Microsoft Excel 2003 REPT Numeric Error
[3843] Microsoft Excel up to 2007 BIFF File denial of service
[3842] Microsoft Excel 2003 VBA Performance Cache denial of service
[3797] Microsoft Windows Server 2008/Vista IPsec Policy information disclosure
[3796] Microsoft Office 2000 WPG privilege escalation
[3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT denial of service
[3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel denial of service
[3793] Microsoft Office 2000/2003/Xp PICT denial of service
[3792] Microsoft Office 2000 EPS File privilege escalation
[3783] Microsoft Word 2002 denial of service
[3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
[3777] Microsoft Windows Server 2008/Vista SP1 Explorer privilege escalation
[3732] Microsoft Windows 2000/Server 2003 WINS privilege escalation
[3701] Microsoft Word 2003 CSS privilege escalation
[3700] Microsoft Word 2003 RTF Document privilege escalation
[3648] Microsoft Excel 2003 privilege escalation
[3647] Microsoft Outlook up to 2007 mailto URI privilege escalation
[3552] Microsoft Excel 2000/2002/2003 File memory corruption
[3373] Microsoft Word 2000/2002 privilege escalation
[3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
[3223] Microsoft Windows Server 2003/XP URI privilege escalation
[3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
[3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
[3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
[3172] Microsoft Office Publisher 2007 Pointer denial of service
[3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object denial of service
[3065] Microsoft Excel 2000/2002/2003/2007 Filter memory corruption
[3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
[3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record memory corruption
[3012] Microsoft Windows 2000/Server 2003 DNS Service memory corruption
[3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
[2990] Microsoft Windows 2000/Vista/XP Animated Cursor memory corruption
[2939] Microsoft Word 2000 memory corruption
[2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog privilege escalation
[2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
[2884] Microsoft Word 2000/2002/2003 memory corruption
[2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer Coercion Error
[2810] Microsoft Outlook 2000/2002/2003 Office Saved Search memory corruption
[2809] Microsoft Outlook 2000/2002/2003 Header denial of service
[2808] Microsoft Outlook 2000/2002/2003 Meeting denial of service
[2807] Microsoft Excel 2000/2002/2003 XLS File privilege escalation
[2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
[2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
[2739] Microsoft Windows 2000 Remote Installation Service unknown vulnerability
[2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
[2737] Microsoft Windows Server 2003/XP Manifest privilege escalation
[2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
[2717] Microsoft Windows 2000 Print Spooler denial of service
[2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
[2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
[2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX Numeric Error
[2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[2684] Microsoft Windows 2000/XP Workstation Service memory corruption
[2659] Microsoft Windows 2000/XP GDI memory corruption
[2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
[2610] Microsoft PowerPoint 2003 PPT Document denial of service
[2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
[2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP weak encryption
[2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP weak encryption
[2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
[2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
[2596] Microsoft Office 2000/2003/2004/Xp Value Read privilege escalation
[2595] Microsoft Office 2000/2001/2003/2004 Diagram Value privilege escalation
[2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
[2571] Microsoft PowerPoint up to 2003 Document privilege escalation
[2554] Microsoft PowerPoint 2000 memory corruption
[2522] Microsoft Windows 2000/Server 2003/XP Indexing Service cross site scripting
[2508] Microsoft Word 2000 memory corruption
[2436] Microsoft Windows 2000/Server 2003/XP Kernel memory corruption
[2435] Microsoft Windows 2000/Server 2003/XP Exception memory corruption
[2434] Microsoft Windows 2000/Server 2003/XP Winlogon privilege escalation
[2433] Microsoft Windows 2000 Management Console cross site scripting
[2432] Microsoft Windows 2000/Server 2003/XP DNS Resolver memory corruption
[2431] Microsoft Windows 2000/Server 2003/XP Winsock API memory corruption
[2430] Microsoft Windows 2000/Server 2003/XP RPC ELV memory corruption
[2426] Microsoft Windows 2000/Server 2003/XP WMF File gdi32.dll denial of service
[2415] Microsoft Windows 2000/Server 2003/XP SMB File srv.sys privilege escalation
[2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
[2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
[2370] Microsoft Windows 2000/Server 2003/XP Server Protocol Driver memory corruption
[2369] Microsoft Windows 2000/Server 2003/XP Server Service Mailslot memory corruption
[2367] Microsoft Office 2000/2003/XP Document String privilege escalation
[2366] Microsoft Windows 2000/Server 2003/XP DHCP Client memory corruption
[2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
[2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
[2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
[2325] Microsoft Excel up to 2003 Hyperlink hlink.dll memory corruption
[2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
[2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
[2311] Microsoft Windows 2000/Server 2003/XP MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk privilege escalation
[2310] Microsoft Windows 2000 RPC weak authentication
[2309] Microsoft Windows 2000/Server 2003/XP Routing/Remote Access Service memory corruption
[2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
[2307] Microsoft Windows 2000/Server 2003/XP JScript Object memory corruption
[2306] Microsoft Windows 2000/Server 2003/XP IP Source Routing memory corruption
[2305] Microsoft Windows Server 2003/XP ART Image memory corruption
[2294] Microsoft Word up to 2003 DOC Document privilege escalation
[2275] Microsoft Windows Server 2003/XP mhtml URI inetcomm.dll memory corruption
[2253] Microsoft Word up to 2003 privilege escalation
[2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
[2218] Microsoft Windows 2000/Server 2003/XP MSDTC memory corruption
[2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
[2190] Microsoft Office 2003 mailto URI unknown vulnerability
[2147] Microsoft Windows 2000/Server 2003/XP COM Object memory corruption
[2053] Microsoft Office/Visio/Project 2003 Korean Input Method Editor privilege escalation
[2052] Microsoft PowerPoint 2000 HTML Rendering information disclosure
[2051] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[2050] Microsoft Windows Server 2003/XP TCP/IP IGMP memory corruption
[2049] Microsoft Windows 2000/Server 2003/XP Media Player memory corruption
[2036] Microsoft Windows Server 2003/XP Service privilege escalation
[1971] Microsoft Visual Studio 2005 Form Loader load memory corruption
[1963] Microsoft Outlook 2000/2002/2003 TNEF MIME Attachment Integer Coercion Error
[1962] Microsoft Windows 2000/Server 2003/XP Web Fonts memory corruption
[1934] Microsoft Windows Server 2003/XP WMF File privilege escalation
[1876] Microsoft Windows 2000/XP WMF/EMF File Integer Coercion Error
[1801] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
[1798] Microsoft Windows 2000/Server 2003/XP Transaction Internet Protocol denial of service
[1797] Microsoft Windows 2000/Server 2003/XP COM+ memory corruption
[1796] Microsoft Windows 2000/Server 2003/XP Distributed Transaction Coordinator memory corruption
[1793] Microsoft Windows 2000/Server 2003/XP Explorer HTML Preview cross site scripting
[1792] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1791] Microsoft Windows 2000/Server 2003/XP lnk File memory corruption
[1790] Microsoft Exchange 2000 SMTP Collaboration Data Object memory corruption
[1789] Microsoft Windows 2000/Server 2003/XP Plug-and-Play Service memory corruption
[1737] Microsoft Exchange 2003 IMAP4 Service Store.exe denial of service
[1692] Microsoft Windows up to Server 2003 Print Spooler memory corruption
[1691] Microsoft Windows 2000/Server 2003/XP Kerberos memory corruption
[1690] Microsoft Windows 2000/Server 2003/XP Kerberos denial of service
[1689] Microsoft Windows up to Server 2003 Plug-and-Play Service memory corruption
[1669] Microsoft Word 2000 Shared Sections denial of service
[1668] Microsoft PowerPoint 2000 Shared Sections denial of service
[1667] Microsoft Outlook 2000 Shared Sections denial of service
[1666] Microsoft Office 2000 Shared Sections denial of service
[1665] Microsoft Excel 2000 Shared Sections denial of service
[1664] Microsoft Access 2000 Shared Sections denial of service
[1623] Microsoft Windows 2000/XP Network Connectivity netman.dll denial of service
[1597] Microsoft Word 2000/2002 Font Parser memory corruption
[1596] Microsoft Windows 95/98/2000/Server 2003/XP Color Management memory corruption
[1570] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1569] Microsoft Windows Server 2003/XP Web Client Service memory corruption
[1568] Microsoft Windows 2000/Server 2003/XP Agent Internet Content cross site scripting
[1567] Microsoft Windows 2000/Server 2003/XP HTML Help Input memory corruption
[1547] Microsoft Windows 2000/Server 2003/XP Remote Desktop mstlsapi.dll weak authentication
[1407] Microsoft Windows 2000 Web View webvw.dll memory corruption
[1358] Microsoft Windows 2000/Server 2003/XP CSRSS memory corruption
[1357] Microsoft Windows 2000/Server 2003/XP Objekt Manager memory corruption
[1356] Microsoft Windows 2000/Server 2003/XP Kernel Access memory corruption
[1355] Microsoft Windows 2000/Server 2003/XP Font File memory corruption
[1351] Microsoft Exchange 2000/2003 SMTP Service memory corruption
[1350] Microsoft Windows 2000/Server 2003/XP Shell MSHTA.EXE memory corruption
[1349] Microsoft Windows 2000/XP SP1 RPC Message Queue memory corruption
[1328] Microsoft Windows Server 2003 Print Color Adjustment denial of service
[1327] Microsoft Windows Server 2003 SMB denial of service
[1291] Microsoft Windows 2000 EMF File GetEnhMetaFilePaletteEntries denial of service
[1269] Microsoft Exchange 2003 Sub-Directories Store.exe denial of service
[1268] Microsoft Windows Server 2003/XP TCP/IP Stack denial of service
[1196] Microsoft Windows up to XP/Server 2003 Drag / Drop memory corruption
[1193] Microsoft Windows NT 4.0/2000/Server 2003 License Logging Server privilege escalation
[1192] Microsoft Office 2000/2002/XP URL memory corruption
[1189] Microsoft Windows 2000/Server 2003/XP SMB memory corruption
[1188] Microsoft Exchange 2003 Outlook Web Access owalogon.asp information disclosure
[1107] Microsoft Windows Server 2003/XP Indexing Service memory corruption
[1042] Microsoft Windows up to Server 2003 HyperTerminal URL memory corruption
[981] Microsoft Proxy Server/ISA Server up to 2000 DNS Revese Lookup Cache weak authentication
[897] Microsoft Windows Server 2003/XP ZIP Archive dunzip32.dll memory corruption
[885] Microsoft Windows 2000/Server 2003/XP WebDAV XML Message denial of service
[883] Microsoft Windows NT 4.0/2000/Server 2003 memory corruption
[881] Microsoft Excel 2000/2001/2002 memory corruption
[877] Microsoft Word 2002 DOC Document denial of service
[862] Microsoft Windows 2000/XP SYSTEM32 memory corruption
[860] Microsoft Windows 2000/XP Packet Fragmentation denial of service
[761] Microsoft Windows 2000 Utility Manager winhlp32.exe memory corruption
[705] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[704] Microsoft ISA Server 2000 SP2 Web Proxy privilege escalation
[703] Microsoft ISA Server 2000 SP2 Web Proxy denial of service
[702] Microsoft ISA Server 2000 SP2 External HTTP Traffic weak encryption
[701] Microsoft ISA Server 2000 SP2 ICMP unknown vulnerability
[683] Microsoft Windows 2000 weak authentication
[664] Microsoft Windows 2000/XP CLSID desktop.ini memory corruption
[663] Microsoft Outlook 2003 RTF Document OLE Object containing privilege escalation
[652] Microsoft Outlook 2003 HTML Mail Reply privilege escalation
[618] Microsoft Windows Server 2003 MS04-011 Patch unknown vulnerability
[610] Microsoft Windows up to XP/Server 2003 ASN.1 Library memory corruption
[609] Microsoft Windows 2000/Server 2003/XP Negotiate Security Software Provider memory corruption
[605] Microsoft Windows 2000 Utility Manager memory corruption
[604] Microsoft Windows Server 2003/XP Help/Support Center memory corruption
[603] Microsoft Windows 2000 Metafile WMF/EMF Integer Coercion Error
[601] Microsoft Windows up to XP/Server 2003 PCT Message memory corruption
[600] Microsoft Windows 2000 Domain Controller memory corruption
[599] Microsoft Windows up to Server 2003 LSASS Request memory corruption
[598] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC/DCOM Object Identity unknown vulnerability
[597] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC over HTTP Reply denial of service
[596] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS denial of service
[551] Microsoft Outlook 2002/XP mailto cross site scripting
[518] Microsoft Windows Server 2003/XP ntdll.dll unknown vulnerability
[509] Microsoft Windows NT 4.0/2000/XP/Server 2003 WINS Server GS privilege escalation
[508] Microsoft Windows NT 4.0/2000/XP/Server 2003 ASN.1 lsass.exe Integer Coercion Error
[479] Microsoft Exchange 2003 Outlook Web Access information disclosure
[477] Microsoft ISA Server 2000 H.323 Filter memory corruption
[476] Microsoft ISA Server 2000 H.323/H.225.0/Q.931 memory corruption
[419] Microsoft Exchange 2003 Outlook Web Access information disclosure
[385] Microsoft Excel up to 2002 Macro Security memory corruption
[383] Microsoft Windows 2000/XP Workstation Service memory corruption
[350] Microsoft Windows 2000/NT/Server 2003/XP HTML Help memory corruption
[331] Microsoft Windows 2000/XP RPCSS race condition
[328] Microsoft Windows 2000 Message Queuing Service mqsvc.exe memory corruption
[323] Microsoft Windows Server 2003 Shell Folder information disclosure
[312] Microsoft Windows 2000/Server 2003/Vista/XP PostThreadMessage unknown vulnerability
[286] Microsoft Windows Server 2003 Buffer Overflow Protection unknown vulnerability
[277] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS memory corruption
[249] Microsoft Windows NT 4.0/2000/XP/Server 2003 Blaster/Eske memory corruption
[199] Microsoft MSDE/SQL Server 2000 LPC memory corruption
[178] Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC DCOM PerformScmStage memory corruption
[177] Microsoft ISA Proxy 2000 Error Site cross site scripting
[175] Microsoft Windows up to 2000 SP3 SMTP Timestamp denial of service [164] Microsoft Windows up to XP/Server 2003 HTML Converter memory corruption [158] Microsoft Windows 2000/XP rundll32.exe memory corruption [155] Microsoft Windows up to 2000 SP3 LDAP Cryptnet.DLL denial of service [154] Microsoft Windows up to 2000 SP3 RPC unknown vulnerability [153] Microsoft Windows 2000 Terminal Service unknown vulnerability [151] Microsoft Windows up to 2000 SP3 ModifyDN Request denial of service [150] Microsoft Windows up to 2000 SP3 Domain Controller unknown vulnerability [149] Microsoft Windows up to 2000 SP3 Port Name API memory corruption [146] Microsoft Windows up to 2000 SP3 IMAADPCM cbDestLength memory corruption [145] Microsoft Windows 2000 Active Directory weak authentication [135] Microsoft Windows 2000 API ShellExecute memory corruption [134] Microsoft Windows up to 2000 SP3 Active Directory memory corruption [12] Microsoft Outlook 2000/Express 6 window.PopUp privilege escalation [4] Microsoft Windows 2000 NetBIOS denial of service [176522] Microsoft Windows 7 SP1 up to Server 2019 MSHTML Platform unknown vulnerability [176515] Microsoft Windows 10 up to Server 2019 Hyper-V denial of service [176514] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure [176513] Microsoft Windows 8.1 up to Server 2019 Server for NFS information disclosure [176512] Microsoft Windows 8.1 up to Server 2019 NFS denial of service [176511] Microsoft Windows 7 SP1 up to Server 2019 GPSVC unknown vulnerability [176510] Microsoft Windows 7 SP1 up to Server 2019 Event Tracing information disclosure [176509] Microsoft Windows 7 SP1 up to Server 2019 HTML Platform unknown vulnerability [176508] Microsoft Windows 8.1 up to Server 2019 TCP/IP Driver denial of service [176507] Microsoft Windows 10 20H2 up to Server 2019 Cloud Files Mini Filter Driver unknown vulnerability [176506] Microsoft Windows 7 SP1 up to Server 2019 Remote Desktop Services denial of service 
[176504] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176503] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure [176502] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176501] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176500] Microsoft Windows 7 SP1 up to Server 2019 Kerberos AppContainer unknown vulnerability [176498] Microsoft Windows 7 SP1 up to Server 2019 Scripting Engine unknown vulnerability [176497] Microsoft Windows 7 SP1 up to Server 2019 NTLM unknown vulnerability [176495] Microsoft Windows 7 SP1 up to Server 2019 NTFS unknown vulnerability [176493] Microsoft Windows 7 SP1 up to Server 2019 Common Log File System Driver unknown vulnerability [176492] Microsoft Windows 7 SP1 up to Server 2019 Filter Manager unknown vulnerability [176491] Microsoft Windows 10 20H2 up to Server 2019 Kernel-Mode Driver unknown vulnerability [176490] Microsoft Windows 10 20H2 up to Server 2019 Kernel unknown vulnerability [176489] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176488] Microsoft Outlook 2013 RT SP1/2013 SP1/2016/2019 unknown vulnerability [176487] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176481] Microsoft Office 2013 RT SP1/2013 SP1/2016/2019 Graphics unknown vulnerability [176480] Microsoft Office 2013 RT SP1/2013 SP1/2016/2019 Graphics unknown vulnerability [176477] Microsoft Windows 7 SP1 up to Server 2019 Enhanced Cryptographic Provider unknown vulnerability [176475] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [176474] Microsoft Windows 7 SP1 up to Server 2019 DCOM Server unknown vulnerability [174874] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking unknown vulnerability [174873] Microsoft Windows 7 SP1 up to Server 2019 Wireless Networking information disclosure [174872] Microsoft Visual Studio up to 2019 Version 16.9 unknown vulnerability [174871] Microsoft Windows 7 SP1 
up to Server 2019 Wireless Networking unknown vulnerability [174870] Microsoft Windows 7 SP1 up to Server 2019 unknown vulnerability [174868] Microsoft Windows 8.1 up to Server 2019 CSC Service information disclosure [174864] Microsoft Windows 10 20H2 up to Server 2019 Container Manager Service unknown vulnerability [174861] Microsoft Windows 10 20H2 up to Server 2019 Graphics unknown vulnerability [174860] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure [174859] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [174858] Microsoft SharePoint Server 2013 SP1/2016/2019 information disclosure [174850] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [174849] Microsoft Windows 7 SP1 up to Server 2019 Bluetooth Driver unknown vulnerability [174848] Microsoft Windows 7 SP1 up to Server 2019 Infrared Data Association information disclosure [174846] Microsoft Windows 7 SP1 up to Server 2019 RDP information disclosure [174844] Microsoft Windows 7 SP1 up to Server 2019 Graphics unknown vulnerability [174843] Microsoft Windows 10 1809/Server 2019 Container Isolation FS Filter Driver unknown vulnerability [174842] Microsoft Windows 10 20H2 up to Server 2019 Projected File System FS Filter Driver information disclosure [174840] Microsoft Windows 7 SP1 up to Server 2019 on SSDP Service unknown vulnerability [174839] Microsoft Windows 7 SP1 up to Server 2019 OLE Automation unknown vulnerability [174838] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability [174837] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability [174834] Microsoft Exchange Server 2013 CU23/2016 CU19/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability [174832] Microsoft Exchange Server 2013 CU23/2016 CU16/2016 CU20/2019 CU8/2019 CU9 unknown vulnerability [174828] Microsoft Lync Server/Skype for Business Server 2013 CU10/2015 CU11 unknown vulnerability [174827] 
Microsoft Lync/Skype for Business Server 2013 CU10/2015 CU11/2019 CU5 unknown vulnerability [174825] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [174824] Microsoft Windows 7 SP1 up to Server 2019 Hyper-V VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST unknown vulnerability [174823] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [174822] Microsoft SharePoint Server 2013 SP1/2016/2019 unknown vulnerability [174540] Dell EMC Integrated System for Microsoft Azure Stack Hub up to 2011 hard-coded credentials [172949] Microsoft Windows 10 up to Server 2019 Media Photo Codec information disclosure [172947] Microsoft Windows 7 SP1 up to Server 2019 Internet Messaging API unknown vulnerability [172941] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability [172937] Microsoft Windows 10 20H2 up to Server 2019 Hyper-V denial of service [172933] Microsoft Windows 10 20H2 up to Server 2019 Application Compatibility Cache denial of service [172929] Microsoft Windows 7 SP1 up to Server 2019 Media Video Decoder unknown vulnerability [172925] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP Driver denial of service [172921] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure [172919] Microsoft Windows 8.1 up to Server 2019 SMB information disclosure [172917] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172916] Microsoft Windows 7 SP1 up to Server 2019 DNS information disclosure [172915] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172914] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172913] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172912] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability [172911] Microsoft Windows 7 SP1 up to Server 2019 Remote 
Procedure Call Runtime unknown vulnerability [172910] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172909] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172908] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172907] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172906] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172905] Microsoft Windows 7 SP1 up to Server 2019 on Remote Procedure Call Runtime unknown vulnerability [172904] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172903] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172902] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172901] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172900] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172899] Microsoft Windows 8.1 up to Server 2019 Remote Procedure Call Runtime Remote unknown vulnerability [172898] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172896] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability [172895] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability [172894] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability [172892] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172891] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172890] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172889] Microsoft Windows 7 SP1 up to Server 2019 Remote 
Procedure Call Runtime unknown vulnerability [172888] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172887] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172886] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172885] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call Runtime unknown vulnerability [172880] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP Driver denial of service [172877] Microsoft Windows 10 20H2 up to Server 2019 TCP/IP information disclosure [172875] Microsoft Windows 8.1 up to Server 2019 Hyper-V unknown vulnerability [172874] Microsoft Windows 7 SP1 up to Server 2019 Network File System unknown vulnerability [172870] Microsoft Office 365 Apps for Enterprise up to 2019 Excel unknown vulnerability [172869] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Update denial of service [172861] Microsoft Azure DevOps Server 2020.0.1 unknown vulnerability [172853] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability [172852] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability [172851] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability [172850] Microsoft Exchange Server 2013 CU23/2016 CU20/2019 CU9 unknown vulnerability [171012] Microsoft Windows 10 20H2 up to Server 2019 NAT denial of service [171000] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability [170999] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability [170998] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability [170997] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability [170996] Microsoft Windows Server 20H2 up to Server 2019 DNS Server code injection [170995] Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service [170994] 
Microsoft Windows Server 20H2 up to Server 2019 DNS Server denial of service [170981] Microsoft Windows 7 SP1 up to Server 2019 Remote Access API privileges management [170979] Microsoft Windows 10 20H2 up to Server 2019 OpenType Font Parser code injection [170978] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability [170974] Microsoft SharePoint Server/Office Web Apps 2010 SP2/2013 SP1/2016/2019 unknown vulnerability [170973] Microsoft SharePoint Server/Office Web Apps 2016/2019 information disclosure [170972] Microsoft Office 365 Apps for Enterprise up to 2019 PowerPoint unknown vulnerability [170970] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 unknown vulnerability [170969] Microsoft Office 365 Apps for Enterprise up to Web Apps 2013 SP1 unknown vulnerability [170968] Microsoft Office 365 Apps for Enterprise up to 2019 unknown vulnerability [170945] Microsoft Visual Studio 2017 Version 15.9/2019 Version 16.9 Git link following [170907] Microsoft Windows 10 20H2 up to Server 2019 Application Virtualization code injection [170596] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170595] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170594] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170593] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170592] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170591] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170590] Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [170436] Microsoft Windows 8.1 up to Server 2019 Extended Protection for Authentication improper authentication [169530] Microsoft Windows 7 SP1 up to Server 2019 Trust Verification API 
denial of service [169529] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability [169528] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP unknown vulnerability [169527] Microsoft Windows 7 SP1 up to Server 2019 TCP/IP denial of service [169526] Microsoft Windows 7 SP1 up to Server 2019 Remote Procedure Call information disclosure [169525] Microsoft Windows 7 SP1 up to Server 2019 Local Spooler unknown vulnerability [169524] Microsoft Windows 10 20H2 up to Server 2019 Microsoft.PowerShell.Utility Module protection mechanism [169509] Microsoft Windows 7 SP1 up to Server 2019 Address Book unknown vulnerability [169507] Microsoft Visual Studio up to 2017 15.9/2019 16.8 unknown vulnerability [169502] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability [169501] Microsoft Windows 7 SP1 up to Server 2019 Fax Service unknown vulnerability [169499] Microsoft Windows Server 20H2 up to Server 2019 DNS Server unknown vulnerability [169498] Microsoft Windows 10 up to Server 2019 unknown vulnerability [169495] Microsoft SharePoint 2013 SP1/2016/2019 unknown vulnerability [169494] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 unknown vulnerability [169493] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 unknown vulnerability [169492] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 information disclosure [169487] Microsoft Windows 10 up to Server 2019 Graphics unknown vulnerability [169486] Microsoft Exchange Server 2016 CU18/2019 CU7 unknown vulnerability [169485] Microsoft Exchange Server 2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability [167703] Microsoft Windows 7 SP1 up to Server 2019 Update Stack privileges management [167700] Microsoft Windows 10 up to Server 2019 RDP authorization [167699] Microsoft Windows 7 SP1 up to Server 2019 RDP Core unknown vulnerability [167687] Microsoft Windows 7 SP1 up to Server 2019 Graphics information disclosure [167686] Microsoft Windows 7 SP1 up to Server 2019 GDI+ information 
disclosure [167685] Microsoft Windows 7 SP1 up to Server 2019 Fax Compose Form privileges management [167680] Microsoft Windows 7 SP1 up to Server 2019 CryptoAPI denial of service [167666] Microsoft Visual Studio 2017 Version 15.9/2019 Version 16.8 cross site scripting [167664] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167663] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167662] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167661] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167660] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167659] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167658] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167657] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167656] Microsoft Windows 7 SP1 up to Server 2019 RPC Runtime unknown vulnerability [167655] Microsoft Windows 8.1 up to Server 2019 NTLM unknown vulnerability [167651] Microsoft Windows 7 SP1 up to Server 2019 Media Foundation unknown vulnerability [167650] Microsoft SharePoint Server 2013 SP1/2016/2019 input validation [167649] Microsoft SharePoint Server 2013 SP1/2016/2019 input validation [167648] Microsoft SharePoint Foundation 2010 SP2 unknown vulnerability [167647] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 unknown vulnerability [167646] Microsoft SharePoint Server 2016/2019 privileges management [167645] Microsoft SharePoint Server 2013 SP/2016/2019 privileges management [167644] Microsoft SQL Server 2012 SP4/2014 SP3/2016 SP2/2017 CU22/2019 CU8 sql injection [167643] Microsoft Office 365 Apps for Enterprise up to 2019 unknown vulnerability [167638] Microsoft Windows 7 SP1 up to Server 2019 DTV-DVD Video Decoder unknown vulnerability [167637] Microsoft Windows 8.1/10/10 1607/Server 2012 R2/Server 2016 Hyper-V 
denial of service [167633] Microsoft Windows 7 SP1 up to Server 2019 GDI+ unknown vulnerability [160966] Microsoft SQL Server 2017/2019 Reporting Services privilege escalation [160963] Microsoft Windows up to Server 2019 Projected Filesystem privilege escalation [160952] Microsoft Office 2016/2019 on macOS information disclosure [160951] Microsoft Windows up to Server 2019 Kernel memory corruption [160947] Microsoft Windows up to Server 2019 UPnP Service privilege escalation [160946] Microsoft Windows up to Server 2019 TLS weak encryption [160945] Microsoft Excel up to 2019 memory corruption [160944] Microsoft Windows up to Server 2019 Kernel Improper Initialization [160943] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation [160942] Microsoft Windows up to Server 2019 Kernel information disclosure [160941] Microsoft SharePoint Server 2013 SP1 cross site scripting [160940] Microsoft Windows up to Server 2019 Storage Services privilege escalation [160938] Microsoft SharePoint Server 2019 Profile Data privilege escalation [160937] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting [160936] Microsoft Windows up to Server 2019 Microsoft COM for Windows privilege escalation [160933] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting [160932] Microsoft Windows up to Server 2019 CloudExperienceHost privilege escalation [160931] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Profile Data privilege escalation [160930] Microsoft Windows up to Server 2019 fdSSDP.dll privilege escalation [160929] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting [160927] Microsoft Excel up to 2019 memory corruption [160926] Microsoft Office up to 2019 Excel memory corruption [160925] Microsoft Windows up to Server 2019 DirectX privilege escalation [160924] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation [160923] Microsoft Windows up to 
Server 2019 GDI information disclosure [160922] Microsoft Windows up to Server 2019 Win32k information disclosure [160921] Microsoft Windows up to Server 2019 Win32k privilege escalation [160920] Microsoft Windows up to Server 2019 DNS denial of service [160919] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting [160916] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 privilege escalation [160915] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting [160914] Microsoft Office up to 2019 Excel memory corruption [160912] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation [160910] Microsoft Windows up to Server 2019 Win32k.sys privilege escalation [160909] Microsoft Windows up to Server 2019 Store Runtime privilege escalation [160908] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation [160907] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation [160906] Microsoft Windows up to Server 2019 Language Pack Installer privilege escalation [160904] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation [160902] Microsoft Windows up to Server 2019 GDI Dynamically-Managed Code Resources [160901] Microsoft Windows up to Server 2019 Graphics Component Dynamically-Managed Code Resources [160900] Microsoft Windows up to Server 2019 Graphics Component memory corruption [160899] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [160898] Microsoft Windows up to Server 2019 DirectX privilege escalation [160895] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [160894] Microsoft Windows up to Server 2019 Routing Utilities denial of service [160892] Microsoft Windows up to Server 2019 Kernel information disclosure [160891] Microsoft Windows up to Server 2019 DHCP Server information disclosure [160890] Microsoft Windows up to Server 2019 Print Spooler privilege 
escalation [160889] Microsoft Windows up to Server 2019 Group Policy privilege escalation [160886] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation [160883] Microsoft Windows up to Server 2019 Kernel information disclosure [160882] Microsoft Windows up to Server 2019 Graphics Component information disclosure [160881] Microsoft Windows up to Server 2019 State Repository Service information disclosure [160880] Microsoft Windows up to Server 2019 Function Discovery SSDP Provider privilege escalation [160879] Microsoft Windows up to Server 2019 Modules Installer privilege escalation [160876] Microsoft Windows up to Server 2019 Storage Services privilege escalation [160874] Microsoft Windows up to Server 2019 Shell Infrastructure memory corruption [160873] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure [160871] Microsoft Windows up to Server 2019 NTFS privilege escalation [160870] Microsoft Windows up to Server 2019 Active Directory Federation Service 2FA weak authentication [160869] Microsoft Windows up to Server 2019 DNS privilege escalation [160866] Microsoft Windows up to Server 2019 Cryptographic Catalog Service privilege escalation [160865] Microsoft Windows up to Server 2019 Store Runtime privilege escalation [160864] Microsoft Windows up to Server 2019 Active Directory integrated DNS privilege escalation [160863] Microsoft Windows up to Server 2019 Active Directory integrated DNS memory corruption [160862] Microsoft Windows up to Server 2019 Active Directory integrated DNS information disclosure [160861] Microsoft Windows up to Server 2019 RSoP Service Application privilege escalation [160856] Microsoft SharePoint Server 2013 SP1/2016/2019 API information disclosure [160855] Microsoft Windows up to Server 2019 Media Audio Decoder memory corruption [160854] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure [160853] Microsoft Windows up to Server 2019 
Media Audio Decoder privilege escalation [160852] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 ASP.Net Web Control privilege escalation [160851] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure [160850] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure [160849] Microsoft Windows up to Server 2019 Codecs Library memory corruption [160848] Microsoft Windows up to Server 2019 GDI+ memory corruption [160847] Microsoft Windows up to Server 2019 memory corruption [160846] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure [160845] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Markup information disclosure [160843] Microsoft Windows up to Server 2019 Codecs Library memory corruption [160841] Microsoft Windows up to Server 2019 Camera Codec Pack memory corruption [160840] Microsoft Windows up to Server 2019 Microsoft COM for Windows memory corruption [160839] Microsoft Windows up to Server 2019 Text Service Module memory corruption [159610] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation [159608] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation [159606] Microsoft Excel up to 2019 memory corruption [159604] Microsoft Windows up to Server 2019 Storage Service privilege escalation [159601] Microsoft Windows up to Server 2019 Speech Shell privilege escalation [159600] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation [159599] Microsoft Excel up to 2019 information disclosure [159597] Microsoft Windows up to Server 2019 File Server Resource Management Service privilege escalation [159596] Microsoft Excel 2010 SP2 memory corruption [159595] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [159594] Microsoft Windows up to Server 2019 Windows Runtime memory corruption [159593] Microsoft Windows up to Server 2019 Work Folders 
Service privilege escalation [159592] Microsoft Windows up to Server 2019 CSC Service privilege escalation [159591] Microsoft Windows up to Server 2019 Work Folder Service memory corruption [159589] Microsoft Windows up to Server 2019 State Repository Service information disclosure [159588] Microsoft Windows up to Server 2019 CDP User memory corruption [159587] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation [159585] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation [159584] Microsoft Windows up to Server 2019 WaasMedic Service information disclosure [159582] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation [159578] Microsoft Outlook up to 2019 information disclosure [159571] Microsoft Windows up to Server 2019 UPnP Device Host memory corruption [159569] Microsoft Word up to 2019 information disclosure [159568] Microsoft Windows up to Server 2019 CSC Service privilege escalation [159567] Microsoft Windows up to Server 2019 GDI memory corruption [159566] Microsoft Windows up to Server 2019 Remote Access memory corruption [159564] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation [159563] Microsoft Windows up to Server 2019 Custom Protocol Engine memory corruption [159561] Microsoft Windows up to Server 2019 Kernel information disclosure [159558] Microsoft Windows up to Server 2019 Kernel privilege escalation [159557] Microsoft Windows up to Server 2019 Font Driver Host memory corruption [159556] Microsoft Windows up to Server 2019 Speech Runtime privilege escalation [159555] Microsoft Windows up to Server 2019 Backup Service privilege escalation [159553] Microsoft Windows up to Server 2019 Telephony Server privilege escalation [159552] Microsoft Windows up to Server 2019 CDP User memory corruption [159550] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [159549] Microsoft Word 
up to 2019 information disclosure [159548] Microsoft Windows up to Server 2019 Backup Engine privilege escalation [159547] Microsoft Excel up to 2019 memory corruption [159545] Microsoft Windows up to Server 2019 GDI privilege escalation [159544] Microsoft Excel up to 2019 memory corruption [159543] Microsoft Windows up to Server 2019 Kernel memory corruption [159542] Microsoft Windows up to Server 2019 Hard Link privilege escalation [159541] Microsoft Windows up to Server 2019 Remote Access memory corruption [159540] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [159539] Microsoft Windows up to Server 2019 Radio Manager API memory corruption [159537] Microsoft Windows up to Server 2019 Accounts Control memory corruption [159534] Microsoft Windows up to Server 2019 Graphics Component memory corruption [159531] Microsoft Windows up to Server 2019 Graphics Component memory corruption [159530] Microsoft Windows up to Server 2019 Media Foundation information disclosure [159529] Microsoft Windows up to Server 2019 Network Connection Broker privilege escalation [159528] Microsoft Windows up to Server 2019 Ancillary Function Driver for WinSock privilege escalation [159526] Microsoft Windows up to Server 2019 Public Account Pictures Folder privilege escalation [159524] Microsoft Windows up to Server 2019 Win32k information disclosure [159523] Microsoft Windows up to Server 2019 Media Foundation memory corruption [159522] Microsoft Windows up to Server 2019 DirectWrite information disclosure [159521] Microsoft Windows up to Server 2019 SSDP Provider privilege escalation [159518] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [159517] Microsoft Windows up to Server 2019 Work Folders Service privilege escalation [159513] Microsoft Windows up to Server 2019 DirectX privilege escalation [159512] Microsoft Windows up to Server 2019 Kernel privilege escalation [159504] Microsoft Windows up to Server 2019 Media Foundation 
memory corruption [159503] Microsoft Windows up to Server 2019 Media Foundation memory corruption [159499] Microsoft Windows up to Server 2019 Media Foundation memory corruption [159497] Microsoft Windows up to Server 2019 Media Audio Codec memory corruption [159495] Microsoft Windows up to Server 2019 Media Foundation memory corruption [159494] Microsoft Windows up to Server 2019 Media Foundation memory corruption [158019] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation [157995] Microsoft Windows up to Server 2019 WalletService information disclosure [157993] Microsoft Windows up to Server 2019 WalletService privilege escalation [157991] Microsoft Windows up to Server 2019 Update Stack privilege escalation [157990] Microsoft Windows up to Server 2019 Modules Installer privilege escalation [157989] Microsoft Windows up to Server 2019 Delivery Optimization Service privilege escalation [157986] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation [157985] Microsoft Windows up to Server 2019 Profile Service privilege escalation [157984] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation [157983] Microsoft Windows up to Server 2019 Kernel privilege escalation [157981] Microsoft Windows up to Server 2019 Kernel information disclosure [157979] Microsoft Windows up to Server 2019 Resource Policy information disclosure [157978] Microsoft Windows up to Server 2019 Kernel information disclosure [157977] Microsoft Windows up to Server 2019 Kernel memory corruption [157975] Microsoft Windows up to Server 2019 ALPC privilege escalation [157963] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation [157960] Microsoft Windows up to Server 2019 Diagnostics Hub privilege escalation [157957] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation [157956] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service information disclosure 
[157955] Microsoft Windows up to Server 2019 Agent Activation Runtime information disclosure
[157952] Microsoft Windows up to Server 2019 USO Core Worker privilege escalation
[157951] Microsoft Windows up to Server 2019 Storage Services privilege escalation
[157950] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157949] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157948] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157946] Microsoft Windows up to Server 2019 lnk File privilege escalation
[157945] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[157943] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157942] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157941] Microsoft Windows up to Server 2019 Remote Desktop Client memory corruption
[157939] Microsoft Windows up to Server 2019 Picker Platform privilege escalation
[157938] Microsoft Windows up to Server 2019 CNG Key Isolation Service privilege escalation
[157937] Microsoft Windows up to Server 2019 Windows Print Workflow Service privilege escalation
[157936] Microsoft Windows up to Server 2019 Event Logging privilege escalation
[157935] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157934] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service privilege escalation
[157933] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157930] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157925] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[157924] Microsoft Windows up to Server 2019 UPnP Device Host privilege escalation
[157923] Microsoft Windows up to Server 2019 Network Connections Service privilege escalation
[157922] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[157921] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[157920] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation
[157919] Microsoft Windows up to Server 2019 Mobile Device Management information disclosure
[157918] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[157916] Microsoft Windows up to Server 2019 Windows Address Book privilege escalation
[157912] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 cross site scripting
[157911] Microsoft SharePoint 2013 SP1/2016/2019 Email Parser privilege escalation
[157910] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 cross site scripting
[157909] Microsoft SharePoint 2013 SP1/2016/2019 privilege escalation
[157907] Microsoft SharePoint 2016/2019 cross site scripting
[157906] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Office cross site scripting
[157899] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 PerformancePoint Services privilege escalation
[157898] Microsoft Outlook up to 2019 memory corruption
[157894] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157893] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157892] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[157889] Microsoft Windows up to Server 2019 Imaging information disclosure
[157888] Microsoft Windows up to Server 2019 Graphics Origin Validation Error
[157887] Microsoft Windows up to Server 2019 DirectWrite memory corruption
[157886] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[157885] Microsoft Windows up to Server 2019 GDI+ memory corruption
[157884] Microsoft Windows up to Server 2019 Font Library privilege escalation
[157883] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[157882] Microsoft Windows up to Server 2019 GDI information disclosure
[157877] Microsoft Azure DevOps Server 2019 Update 1/2019 Update 1.1/2019.0.1 cross site scripting
[157509] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[157508] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[156420] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[156419] Microsoft Windows up to Server 2019 LNK privilege escalation
[156418] Microsoft Windows up to Server 2019 CAB File privilege escalation
[156417] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
[156415] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[156414] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156413] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156412] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[156409] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156408] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156407] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156406] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156404] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156403] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156402] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156398] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156397] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156395] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156394] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156393] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156385] Microsoft Windows up to Server 2019 Windows Runtime information disclosure
[156384] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156382] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[156380] Microsoft Windows up to Server 2019 Mobile Device Management privilege escalation
[156378] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156377] Microsoft Windows up to Server 2019 Registry privilege escalation
[156376] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[156375] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[156374] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156373] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156372] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156371] Microsoft Windows up to Server 2019 Session Manager privilege escalation
[156369] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156368] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[156367] Microsoft Windows up to Server 2019 Text Service Framework privilege escalation
[156365] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service denial of service
[156364] Microsoft Windows up to Server 2019 Group Policy privilege escalation
[156363] Microsoft Windows up to Server 2019 OpenSSH privilege escalation
[156361] Microsoft Windows up to Server 2019 Win32k information disclosure
[156359] Microsoft Windows up to Server 2019 Host Guardian Service information disclosure
[156358] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[156356] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[156354] Microsoft Windows up to Server 2019 Diagnostics/Feedback Settings App information disclosure
[156353] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[156352] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[156351] Microsoft Windows up to Server 2019 Store Runtime privilege escalation
[156350] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156348] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[156347] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156346] Microsoft Windows up to Server 2019 Security Health Service privilege escalation
[156327] Microsoft SharePoint Foundation 2010 SP2 cross site scripting
[156324] Microsoft Office up to 2019 for Mac Outlook information disclosure
[156323] Microsoft Excel up to 2019 for Mac memory corruption
[156322] Microsoft Excel up to 2019 for Mac memory corruption
[156319] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156318] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[156317] Microsoft Windows up to Server 2019 GDI privilege escalation
[156316] Microsoft Windows up to Server 2019 Kernel privilege escalation
[156315] Microsoft Windows up to Server 2019 GDI information disclosure
[156314] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156313] Microsoft Windows up to Server 2019 GDI privilege escalation
[156312] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[156311] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156310] Microsoft Windows up to Server 2019 DirectX privilege escalation
[156309] Microsoft Windows up to Server 2019 Win32k privilege escalation
[156302] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156301] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[156300] Microsoft Windows up to Server 2019 Diagnostics Hub Standard Collector privilege escalation
[156299] Microsoft Azure DevOps Server 2019 Update 1/2019 Update 1.1 privilege escalation
[155176] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155175] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155174] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155173] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155172] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155171] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155170] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155169] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155168] Microsoft Windows up to Server 2019 GDI information disclosure
[155167] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155166] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155165] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155160] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155158] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155157] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155156] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155155] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155154] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[155153] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155151] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155149] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155148] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155147] Microsoft Windows up to Server 2019 GDI privilege escalation
[155146] Microsoft Windows up to Server 2019 GDI information disclosure
[155145] Microsoft Windows up to Server 2019 DirectX privilege escalation
[155144] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155143] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[155142] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[155141] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[155140] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155139] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[155138] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155137] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155136] Microsoft Windows up to Server 2019 State Repository Service privilege escalation
[155135] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155134] Microsoft Windows up to Server 2019 Clipboard Service privilege escalation
[155133] Microsoft Windows up to Server 2019 TLS denial of service
[155132] Microsoft Windows up to Server 2019 CSRSS information disclosure
[155131] Microsoft Windows up to Server 2019 Kernel privilege escalation
[155130] Microsoft Windows up to Server 2019 Task Scheduler weak authentication
[155129] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[155127] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155126] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[155124] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155123] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155122] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[155121] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155120] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[155119] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[155118] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
[155115] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155114] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155112] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155111] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[155110] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155109] Microsoft Windows up to Server 2019 Printer Service privilege escalation
[155108] Microsoft Windows up to Server 2019 privilege escalation
[155107] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[155106] Microsoft Windows up to Server 2019 Windows Runtime privilege escalation
[155105] Microsoft Windows up to Server 2019 memory corruption
[155104] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[155103] Microsoft Windows up to Server 2019 information disclosure
[155100] Microsoft Windows up to Server 2019 Media Service privilege escalation
[155096] Microsoft Windows up to Server 2019 Script Runtime memory corruption
[155092] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[155091] Microsoft Windows up to Server 2019 Win32k privilege escalation
[155090] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[155089] Microsoft Windows up to Server 2019 Print Spooler privilege escalation
[155087] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[155086] Microsoft Windows up to Server 2019 Block Level Backup Engine Service privilege escalation
[155084] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[155082] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 information disclosure
[155080] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[155079] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155078] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155077] Microsoft Windows up to Server 2019 Color Management ICM32.dll memory corruption
[155072] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[155070] Microsoft SharePoint Enterprise Server 2016/2019 Source Markup privilege escalation
[155069] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 ASP.Net Web Control memory corruption
[155068] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 Source Markup privilege escalation
[155067] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 Source Markup privilege escalation
[153289] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[153286] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153284] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153281] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153280] Microsoft Windows up to Server 2019 Push Notification Service information disclosure
[153279] Microsoft Windows up to Server 2019 User-Mode Power Service privilege escalation
[153278] Microsoft Windows up to Server 2019 Update Client privilege escalation
[153277] Microsoft Windows up to Server 2019 System Assessment Tool privilege escalation
[153275] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153274] Microsoft Windows up to Server 2019 Kernel information disclosure
[153273] Microsoft Windows up to Server 2019 Push Notification Service privilege escalation
[153272] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153270] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153269] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153268] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153266] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153265] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153264] Microsoft Windows up to Server 2019 DNS denial of service
[153263] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153261] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153259] Microsoft Windows up to Server 2019 Update Stack privilege escalation
[153257] Microsoft Windows up to Server 2019 privilege escalation
[153256] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153254] Microsoft Office/SharePoint/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
[153244] Microsoft Windows up to Server 2019 GDI+ memory corruption
[153243] Microsoft Windows up to Server 2019 Win32k information disclosure
[153242] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
[153241] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153240] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153239] Microsoft Windows up to Server 2019 Kernel information disclosure
[153237] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153236] Microsoft Windows up to Server 2019 GDI information disclosure
[153234] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153233] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[153232] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153230] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[153229] Microsoft Windows up to Server 2019 Notification Service privilege escalation
[153227] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153225] Microsoft Windows up to Server 2019 Scheduled Task privilege escalation
[153223] Microsoft Windows up to Server 2019 WpcDesktopMonSvc privilege escalation
[153214] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153213] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[153212] Microsoft Windows up to Server 2019 Kernel privilege escalation
[153210] Microsoft Visual Studio up to 2019 Version 16.5 Extension Installer Service privilege escalation
[153209] Microsoft Visual Studio 2017 15.9/2019 16.0/2019 16.4/2019 16.5 Updater Service privilege escalation
[153207] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[153206] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153204] Microsoft Windows up to Server 2019 information disclosure
[153203] Microsoft Windows up to Server 2019 privilege escalation
[153200] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[153198] Microsoft Windows up to Server 2019 Win32k memory corruption
[153196] Microsoft Windows up to Server 2019 Win32k memory corruption
[153195] Microsoft Windows up to Server 2019 DirectX privilege escalation
[153194] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 privilege escalation
[153190] Microsoft Windows up to Server 2019 Codecs Library memory corruption
[153189] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153188] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153187] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[153185] Microsoft Windows up to Server 2019 Hyper-V memory corruption
[153181] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153180] Microsoft Windows up to Server 2019 Adobe Font Manager Library privilege escalation
[153176] Microsoft Windows up to Server 2019 Graphics Component memory corruption
[153175] Microsoft Windows up to Server 2019 Graphics memory corruption
[152075] Microsoft Windows up to Server 2019 Type 1 Font Parser privilege escalation
[151174] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151173] Microsoft Exchange Server 2016 CU14/2016 CU15/2019 CU3/2019 CU4 cross site scripting
[151171] Microsoft Windows 10 1607/Server 2016 Graphics Component privilege escalation
[151170] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151169] Microsoft Windows up to Server 2019 Hardlink privilege escalation
[151164] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151163] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[151162] Microsoft Visual Studio up to 2017 Version 15.9/2019 version 16.4 weak encryption
[151161] Microsoft Windows up to Server 2019 GDI information disclosure
[151160] Microsoft Windows up to Server 2019 GDI information disclosure
[151158] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151157] Microsoft Windows up to Server 2019 Win32k information disclosure
[151156] Microsoft Windows up to Server 2019 GDI information disclosure
[151154] Microsoft Windows up to Server 2019 Network Connections Service information disclosure
[151153] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151152] Microsoft Windows up to Server 2019 Update Orchestrator Service privilege escalation
[151151] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151150] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151149] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151147] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[151146] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151145] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[151141] Microsoft Windows up to Server 2019 Imaging information disclosure
[151139] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[151138] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151136] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151135] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[151132] Microsoft Windows up to Server 2019 Media Foundation information disclosure
[151130] Microsoft Azure DevOps Server 2019 Update 1.1 Pipeline Job Token privilege escalation
[151129] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151127] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
[151114] Microsoft Visual Studio up to 2019 Version 16.4 Extension Installer Service privilege escalation
[151113] Microsoft Windows up to Server 2019 Win32k privilege escalation
[151112] Microsoft Windows up to Server 2019 Background Intelligent Transfer Service privilege escalation
[151110] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[151109] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151108] Microsoft Windows up to Server 2019 UPnP Service privilege escalation
[151106] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[151104] Microsoft Windows up to Server 2019 Work Folder Service privilege escalation
[151103] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[151102] Microsoft Windows up to Server 2019 Error Reporting information disclosure
[151101] Microsoft Windows up to Server 2019 GDI information disclosure
[151100] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151099] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
[151098] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151097] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation
[151096] Microsoft Windows up to Server 2019 CSC Service privilege escalation
[151095] Microsoft Windows up to Server 2019 Defender privilege escalation
[151091] Microsoft Windows up to Server 2019 DirectX privilege escalation
[151088] Microsoft Office 2016 for Mac/2019/Online Server Word memory corruption
[151078] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151077] Microsoft Windows up to Server 2019 GDI+ memory corruption
[151064] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151063] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151062] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151061] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[151060] Microsoft Windows up to Server 2019 lnk File privilege escalation
[149969] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[149968] Microsoft Office up to 2019 Excel memory corruption
[149967] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149966] Microsoft Windows up to Server 2019 Key Isolation Service information disclosure
[149963] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149961] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149960] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149959] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149958] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149957] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[149956] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149955] Microsoft Windows up to Server 2019 GDI memory corruption
[149954] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149953] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149952] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149951] Microsoft Windows up to Server 2019 Connected Devices Platform Service privilege escalation
[149950] Microsoft Windows up to Server 2019 privilege escalation
[149949] Microsoft Windows up to Server 2019 tapisrv.dll privilege escalation
[149947] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149945] Microsoft Windows 10/10 1607/Server 2016 DirectX privilege escalation
[149944] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149943] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149942] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[149941] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[149940] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149939] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149938] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149937] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149936] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149935] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149934] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149933] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149932] Microsoft Windows up to Server 2019 Win32k information disclosure
[149931] Microsoft Windows up to Server 2016 Win32k information disclosure
[149930] Microsoft Windows up to Server 2019 Graphics Component privilege escalation
[149929] Microsoft Windows up to Server 2019 DirectX information disclosure
[149928] Microsoft Windows 10/Server 2016 DirectX privilege escalation
[149927] Microsoft Windows up to Server 2019 Imaging Library memory corruption
[149926] Microsoft Windows up to Server 2019 IME privilege escalation
[149923] Microsoft Windows up to Server 2019 Network Driver Interface Specification information disclosure
[149922] Microsoft Windows up to Server 2019 Wireless Network Manager privilege escalation
[149921] Microsoft Windows up to Server 2019 Backup Service privilege escalation
[149920] Microsoft Windows up to Server 2019 Client License Service privilege escalation
[149919] Microsoft Windows up to Server 2019 Telephony Service information disclosure
[149917] Microsoft Office up to 2019 Security Feature privilege escalation
[149915] Microsoft SharePoint Enterprise Server 2013 P1/2016/2019 cross site scripting
[149914] Microsoft Exchange Server 2013 CU23/2016 CU14/2016 CU15/2019 CU3/2019 CU4 Exchange Web Services privilege escalation
[149913] Microsoft Windows up to Server 2019 Win32k privilege escalation
[149910] Microsoft Windows up to Server 2019 Windows Installer privilege escalation
[149909] Microsoft Windows up to Server 2019 COM Server privilege escalation
[149907] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149906] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149905] Microsoft Windows up to Server 2019 Function Discovery Service privilege escalation
[149904] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation
[149903] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149902] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149901] Microsoft Windows up to Server 2019 Key Isolation Service memory corruption
[149900] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149899] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149898] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149897] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149896] Microsoft Windows up to Server 2019 Kernel privilege escalation
[149895] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149894] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[149893] Microsoft Windows up to Server 2019 Active Directory privilege escalation
[149891] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[149890] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[149889] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[149888] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[149887] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[149886] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
[149884] Microsoft Windows up to Server 2019 Media Foundation memory corruption
[149883] Microsoft Windows up to Server 2019 LNK privilege escalation
[149882] Microsoft Windows up to Server 2019 memory corruption
[149881] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149880] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[149312] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
[149039] Microsoft Windows 10 1803/Server 2019 RDP Session Lockscreen weak authentication
[148654] Microsoft Windows up to Server 2019 Memory Section privilege escalation
[148653] Microsoft Windows up to Server 2019 Win32k privilege escalation
[148652] Microsoft Windows up to Server 2019 Media Service privilege escalation
[148651] Microsoft Windows up to Server 2019 Update Notification Manager privilege escalation
[148649] Microsoft Windows up to Server 2019 Symbolic Link privilege escalation
[148648] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
[148637] Microsoft Windows up to Server 2019 Windows Search Indexer privilege escalation
[148634] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[148631] Microsoft Windows Server 2016/Server 2019 Remote Desktop Gateway privilege escalation
[148629] Microsoft Windows up to Server 2019 Hard Link privilege escalation
[148627] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
[148618] Microsoft Office up to 2019 for Mac memory corruption
[148617] Microsoft Excel up to 2019 for Mac memory corruption
[148616] Microsoft Excel up to 2019 for Mac memory corruption
[148614] Microsoft Windows up to Server 2019 GDI+ information disclosure
[148613] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148611] Microsoft Windows up to Server 2016 Graphics Component information disclosure
[148610] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
[148609] Microsoft Windows up to Server 2019 Win32k information disclosure
[148608] Microsoft Windows up to Server 2019 Graphics Component information disclosure
[148607] Microsoft Windows up to Server 2019 CryptoAPI Crypt32.dll weak authentication
[146927] Microsoft Skype for Business Server 2019 CU2 privilege escalation
[146924] Microsoft Windows up to Server 2019 Defender memory corruption
[146920] Microsoft Visual Studio 2019 Redirect
[146879] Microsoft Windows up to Server 2019 OLE privilege escalation
[146878] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[146874] Microsoft Windows 10 1809/Server 2019 Printer Service privilege escalation
[146873] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
[146872] Microsoft Windows up to Server 2019 Kernel information disclosure
[146871] Microsoft Windows up to Server 2019 Kernel information disclosure
[146870] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[146869] Microsoft Windows up to Server 2019 GDI information disclosure
[146868] Microsoft Windows up to Server 2019 GDI information disclosure
[146867] Microsoft Windows up to Server 2019 GDI information disclosure
[146866] Microsoft Office up to 2019 Excel information disclosure
[146865] Microsoft Office up to 2019 Access information disclosure
[146864] Microsoft Office up to 2019 PowerPoint privilege escalation
[146863] Microsoft Office up to 2019 Word privilege escalation
[146862] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation
[146861] Microsoft Office up to 2019 Access information disclosure
[146858] Microsoft Windows up to Server 2019 Win32k information disclosure
[146857] Microsoft Windows up to Server 2016 Win32k privilege escalation
[146855] Microsoft Windows up to Server 2019 Win32k Graphics privilege escalation
[145418] Microsoft Office 2016/2019 on Mac Excel privilege escalation
[145412] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation
[145402] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption
[145400] Microsoft Office up to 2019 Excel memory corruption
[145398] Microsoft Office up to 2019 Excel information disclosure
[145396] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 Upload privilege escalation
[145395] Microsoft SharePoint Server 2019 Security Feature privilege escalation
[145394] Microsoft Windows up to Server 2019 Win32k information disclosure
[145393] Microsoft Windows up to Server 2019 GDI information disclosure
[145390] Microsoft Windows up to Server 2019 Win32k information disclosure
[145388] Microsoft Windows up to Server 2012 R2 Win32k privilege escalation
[145386] Microsoft Windows up to Server 2012 R2 DirectWrite information disclosure
[145385] Microsoft Visual Studio 2017 15.9/2019 16.0/2019 16.3 Archive privilege escalation
[145384] Microsoft Windows up to Server 2019 NetLogon Security Feature privilege escalation
[145382] Microsoft Windows up to Server 2019 iphlpsvc.dll privilege escalation
[145380] Microsoft Windows up to Server 2019 Modules Installer Service information disclosure
[145379] Microsoft Windows up to Server 2019 Data Sharing Service privilege
escalation [145377] Microsoft Windows up to Server 2019 Installer privilege escalation [145375] Microsoft Windows up to Server 2012 R2 OpenType Font Driver ATMFD.dll information disclosure [145374] Microsoft Windows up to Server 2019 DirectWrite information disclosure [145373] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure [145372] Microsoft Windows up to Server 2019 Win32k privilege escalation [145370] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [145368] Microsoft Office up to 2019 information disclosure [145367] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [145366] Microsoft Windows up to Server 2019 Win32k privilege escalation [145365] Microsoft Windows up to Server 2019 Win32k privilege escalation [145364] Microsoft Windows up to Server 2019 Win32k privilege escalation [145363] Microsoft Windows up to Server 2019 Win32k privilege escalation [145362] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Kernel privilege escalation [145361] Microsoft Windows up to Server 2019 privilege escalation [145360] Microsoft Windows up to Server 2019 Certificate Dialog privilege escalation [145359] Microsoft Windows up to Server 2019 AppX Deployment Extension privilege escalation [145358] Microsoft Windows up to Server 2019 Netlogon privilege escalation [145357] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation [145356] Microsoft Windows up to Server 2019 ActiveX Installer Service privilege escalation [145355] Microsoft Windows up to Server 2019 Servicing Stack information disclosure [145353] Microsoft Windows 10 1809/10 1903/Server 2019 Data Sharing Service privilege escalation [145352] Microsoft Windows up to Server 2019 Error Reporting information disclosure [145350] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure [145349] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [145348] Microsoft Windows up 
to Server 2019 Hyper-V Network Switch privilege escalation [145346] Microsoft Windows up to Server 2019 Kernel information disclosure [145345] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [145344] Microsoft Windows up to Server 2019 privilege escalation [145343] Microsoft Exchange Server 2013 CU23/2016 CU13/2016 CU14/2019 CU2/2019 CU3 Metadata privilege escalation [145340] Microsoft Windows up to Server 2019 OpenType Font Parser memory corruption [145334] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [145333] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [145332] Microsoft Windows up to Server 2016 Hyper-V privilege escalation [145331] Microsoft Windows up to Server 2019 Hyper-V Switch privilege escalation [143118] Microsoft Windows up to Server 2019 IIS memory corruption [143113] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [143112] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [143103] Microsoft Windows up to Server 2019 Error Reporting Manager privilege escalation [143102] Microsoft Windows up to Server 2019 Power Service umpo.dll privilege escalation [143101] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation [143100] Microsoft Windows up to Server 2019 Error Reporting privilege escalation [143098] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client information disclosure [143097] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update Client privilege escalation [143096] Microsoft Windows up to Server 2019 Kernel information disclosure [143095] Microsoft Excel up to 2019 for Mac memory corruption [143091] Microsoft Excel up to 2019 for Mac memory corruption [143090] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation [143089] Microsoft Windows up to Server 2019 rdbss.sys memory corruption [143088] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Update 
Client privilege escalation [143084] Microsoft Windows up to Server 2019 Error Reporting privilege escalation [143083] Microsoft Windows up to Server 2019 TLS information disclosure [143082] Microsoft Windows up to Server 2019 Hardlink privilege escalation [143081] Microsoft Windows up to Server 2019 Setup privilege escalation [143080] Microsoft Windows up to Server 2019 Error Reporting privilege escalation [143077] Microsoft Windows up to Server 2019 Imaging API memory corruption [143076] Microsoft Windows 10 1703/10 1709/10 1803/Server 1803/Server 2019 Hyper-V privilege escalation [143075] Microsoft Windows up to Server 2019 NTLM MIC weak authentication [143071] Microsoft Windows up to Server 2019 MS XML XML External Entity [143063] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation [141633] Microsoft Excel up to 2019 memory corruption [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure [141630] Microsoft Windows up to Server 2019 memory corruption [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation [141627] Microsoft Windows up to Server 2019 GDI information disclosure [141626] Microsoft Windows up to Server 2019 Win32k privilege escalation [141621] Microsoft Windows up to Server 2019 Kernel information disclosure [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation [141616] Microsoft Windows up to Server 2019 ALPC privilege 
escalation [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation [141613] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 Outlook Web App privilege escalation [141611] Microsoft Office up to 2019 Security Feature privilege escalation [141610] Microsoft Excel up to 2019 information disclosure [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation [141606] Microsoft Windows up to Server 2019 Win32k privilege escalation [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation [141603] Microsoft Windows up to Server 2019 GDI information disclosure [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [141590] Microsoft 
Windows up to Server 2019 Text Service Framework privilege escalation [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 memory corruption [141583] Microsoft Lync Server 2013 Conference information disclosure [141581] Microsoft Windows up to Server 2016 Hyper-V privilege escalation [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure [141579] Microsoft Windows up to Server 2016 DirectX information disclosure [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation [141566] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 API privilege escalation [141565] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 API privilege escalation [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup privilege escalation [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service [139965] Microsoft Windows up to Server 2019 Kernel information disclosure [139964] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol privilege escalation [139960] Microsoft Windows up to Server 2019 DHCP Server memory corruption [139958] Microsoft Windows up to Server 2019 DHCP Server memory corruption [139957] 
Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll XML External Entity [139942] Microsoft Windows up to Server 2019 rpcss.dll privilege escalation [139941] Microsoft Windows up to Server 2019 DirectX privilege escalation [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k privilege escalation [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation [139932] Microsoft Windows up to Server 2019 Kernel privilege escalation [139931] Microsoft Windows up to Server 2019 File Signature Security Feature 7PK Security Features [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation [139928] Microsoft Windows up to Server 2019 Kernel privilege escalation [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [139918] Microsoft Windows up to Server 2019 Graphics Component information 
disclosure [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser XML External Entity [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch privilege escalation [139911] Microsoft Windows up to Server 2019 memory corruption [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption [139907] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation [139906] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation [139902] Microsoft Word up to 2019 memory corruption [139901] Microsoft Outlook up to 2019 memory corruption [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation [139891] Microsoft Windows up to Server 2019 Font Library privilege escalation [139890] Microsoft Windows up to Server 2019 Font Library privilege escalation [139889] Microsoft Windows up to Server 2019 Font Library privilege escalation [139888] Microsoft Windows up to Server 2019 Font Library privilege escalation [139887] Microsoft Windows up to Server 2019 Font Library privilege escalation [139886] Microsoft Windows up to Server 2019 Font Library privilege escalation [139880] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [139879] Microsoft 
Windows up to Server 2019 DHCP Client memory corruption [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch privilege escalation [139877] Microsoft Outlook up to 2019 memory corruption [139876] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation [139875] Microsoft Windows up to Server 2019 Remote Desktop Service DejaBlue privilege escalation [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure [137562] Microsoft Windows up to Server 2019 Win32k information disclosure [137561] Microsoft Windows up to Server 2019 GDI information disclosure [137560] Microsoft Windows up to Server 2019 GDI information 
disclosure [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation [137549] Microsoft Windows up to Server 2016 DLL privilege escalation [137544] Microsoft Windows up to Server 2019 Kernel information disclosure [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation [137541] Microsoft Windows up to Server 2019 privilege escalation [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation [137539] Microsoft Windows up to Server 2016 DirectX privilege escalation [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature 7PK Security Features [137537] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation [137533] Microsoft Windows up to Server 2019 SymCrypt privilege escalation [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption [137512] Microsoft Windows up to Server 2019 DHCP memory corruption [136414] Microsoft Azure DevOps Server 2019 cross site request forgery [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc information disclosure [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation [136344] Microsoft Windows up to Server 2019 GDI information disclosure [136340] Microsoft Windows up to Server 2019 GDI information disclosure [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation [136335] Microsoft Windows up to Server 
2019 NTLM 7PK Security Features [136334] Microsoft Windows up to Server 2019 Kernel information disclosure [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting [136329] Microsoft SharePoint Server 2016/2019 cross site scripting [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting [136327] Microsoft Lync Server 2010/2013 privilege escalation [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation [136323] Microsoft Windows up to Server 2019 memory corruption [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation [136319] Microsoft Windows up to Server 2019 Security Credentials 7PK Security Features [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation [136317] Microsoft Windows up to Server 2019 Win32k privilege escalation [136314] Microsoft Windows up to Server 2019 Win32k privilege escalation [136312] Microsoft Windows up to Server 2019 GDI information disclosure [136310] Microsoft Windows up to Server 2019 GDI information disclosure [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136299] Microsoft Windows up to Server 2019 Local 
Security Authority Subsystem Service 7PK Security Features [136296] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [136287] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [136286] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [136285] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [136284] Microsoft Windows up to Server 2019 Kernel privilege escalation [136276] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V privilege escalation [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption [136273] Microsoft Windows up to Server 2019 Hyper-V privilege escalation [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting [134744] Microsoft Windows up to Server 2019 GDI information disclosure [134743] Microsoft SharePoint Server 2013 SP1/2016 privilege escalation [134742] Microsoft SharePoint Enterprise Server 2016/2019 privilege escalation [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 7PK Security Features [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 privilege escalation [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation [134737] Microsoft SharePoint Enterprise 
Server 2013 SP1/2016 privilege escalation [134736] Microsoft Office 2010 SP2 Access Connectivity Engine Data Processing Error [134735] Microsoft Office up to 2019 Access Connectivity Engine Data Processing Error [134734] Microsoft Office up to 2019 Access Connectivity Engine Data Processing Error [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134715] Microsoft Windows up to Server 2019 Win32k privilege escalation [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [134710] Microsoft Windows up to Server 2019 GDI information disclosure [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation [134704] Microsoft SQL Server 2017 Analysis Services information disclosure 
[134701] Microsoft Windows up to Server 2019 Windows Defender Application Control 7PK Security Features [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys privilege escalation [134698] Microsoft Windows up to Server 2019 OLE privilege escalation [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [133235] Microsoft Azure DevOps Server 2019 privilege escalation [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [133232] Microsoft Azure DevOps Server 2019 cross site scripting [133229] Microsoft Azure DevOps Server 2019 privilege escalation [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure [133211] Microsoft Windows up 
to Server 2019 Task Scheduler information disclosure
[133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
[133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[133204] Microsoft Office/Excel up to 2019 memory corruption
[133203] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133202] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133201] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133200] Microsoft Office up to 2019 Access Connectivity Engine privilege escalation
[133199] Microsoft Office 2010 SP2 Access Connectivity Engine privilege escalation
[133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access Data Processing Error
[133196] Microsoft Windows up to Server 2019 Win32k information disclosure
[133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
[133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133192] Microsoft Windows up to Server 2019 OLE Automation memory corruption
[133189] Microsoft Windows up to Server 2019 CSRSS privilege escalation
[133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
[133186] Microsoft Windows up to Server 2019 TCP/IP Stack information disclosure
[133185] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133183] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133182] Microsoft Windows up to Server 2019 Win32k privilege escalation
[133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Data Processing Error
[133180] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133179] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys 7PK Security Features
[133174] Microsoft Windows up to Server 2019 GDI+ memory corruption
[133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
[133166] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133165] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133164] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133163] Microsoft Windows up to Server 2019 MS XML XML External Entity
[133162] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
[131685] Microsoft Windows up to Server 2019 SMB information disclosure
[131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
[131681] Microsoft Windows up to Server 2019 Win32k privilege escalation
[131679] Microsoft Windows up to Server 2019 Kernel information disclosure
[131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
[131674] Microsoft Windows up to Server 2019 Win32k information disclosure
[131673] Microsoft Windows up to Server 2019 Kernel information disclosure
[131672] Microsoft Windows up to Server 2019 GDI information disclosure
[131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
[131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
[131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
[131658] Microsoft Windows up to Server 2019 information disclosure
[131657] Microsoft Windows up to Server 2019 memory corruption
[131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
[131653] Microsoft Windows up to Server 2019 SMB information disclosure
[131652] Microsoft Windows up to Server 2019 SMB information disclosure
[131651] Microsoft Windows up to Server 2019 Kernel information disclosure
[131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[131649] Microsoft Windows up to Server 2019 Kernel privilege escalation
[131648] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131644] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
[131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server privilege escalation
[131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
[131619] Microsoft Windows up to Server 2019 MS XML XML External Entity
[131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
[131329] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[131328] Microsoft Windows up to Server 2016 Kernel information disclosure
[130832] Microsoft 2013 SP1 privilege escalation
[130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
[130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
[130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130823] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130822] Microsoft Office up to 2019 Connectivity Engine memory corruption
[130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
[130818] Microsoft Windows up to Server 2019 GDI information disclosure
[130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
[130814] Microsoft Windows up to Server 2019 privilege escalation
[130809] Microsoft Windows up to Server 2019 Defender Firewall Security 7PK Security Features
[130808] Microsoft Windows up to Server 2019 information disclosure
[130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
[130806] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130803] Microsoft Windows up to Server 2019 SMB Data Processing Error
[130802] Microsoft Windows up to Server 2019 Win32k information disclosure
[130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
[130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130799] Microsoft Windows up to Server 2016 Win32k privilege escalation
[130798] Microsoft Windows up to Server 2019 GDI information disclosure
[130797] Microsoft Windows up to Server 2019 GDI information disclosure
[130796] Microsoft Windows up to Server 2019 GDI information disclosure
[130793] Microsoft Windows up to Server 2019 GDI information disclosure
[130792] Microsoft Windows up to Server 2019 HID information disclosure
[130791] Microsoft Windows up to Server 2019 HID information disclosure
[130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
[130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
[130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
[129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
[129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
[129845] Microsoft Skype for Business 2015 CU 8 privilege escalation
[128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct memory corruption
[128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
[128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
[128761] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128760] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128759] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128758] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128757] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128756] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128755] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128754] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128753] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128752] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
[128749] Microsoft Windows up to Server 2019 Kernel information disclosure
[128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[128745] Microsoft Office up to 2019 Word Macro information disclosure
[128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
[128739] Microsoft Windows up to Server 2019 Kernel information disclosure
[128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
[128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
[128736] Microsoft Windows up to Server 2019 Kernel information disclosure
[128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
[128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
[128728] Microsoft Windows up to Server 2019 Kernel information disclosure
[128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
[128718] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V privilege escalation
[127925] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[127881] Microsoft Windows 10 1809/Server 2019 memory corruption
[127880] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127828] Microsoft Windows up to Server 2019 Win32k privilege escalation
[127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
[127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k information disclosure
[127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
[127824] Microsoft Excel up to 2019 information disclosure
[127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
[127821] Microsoft Windows up to Server 2019 Connected User Experiences/Telemetry Service privilege escalation
[127820] Microsoft Windows up to Server 2019 Kernel privilege escalation
[127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data Data Processing Error
[127817] Microsoft Excel up to 2019 information disclosure
[127816] Microsoft Windows up to Server 2019 GDI information disclosure
[127815] Microsoft Windows up to Server 2019 GDI information disclosure
[127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search information disclosure
[127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[127806] Microsoft Outlook up to 2019 memory corruption
[127805] Microsoft Excel up to 2019 memory corruption
[127804] Microsoft Excel up to 2019 memory corruption
[127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
[127801] Microsoft Windows up to Server 2019 DNS Server memory corruption
[126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 privilege escalation
[126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji privilege escalation
[126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
[126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
[126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
[126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
[126744] Microsoft Office up to 2019 Word memory corruption
[126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 privilege escalation
[126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
[126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
[126736] Microsoft Windows up to Server 2019 Win32k privilege escalation
[126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX privilege escalation
[126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
[126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[126725] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126718] Microsoft Windows up to Server 2016 Search privilege escalation
[126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 privilege escalation
[126716] Microsoft Office up to 2019 Excel memory corruption
[126714] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
[126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
[125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
[125121] Microsoft Windows up to Server 2019 DirectX information disclosure
[125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
[125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
[125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[125113] Microsoft Windows up to Server 2019 Kernel privilege escalation
[125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy 7PK Security Features
[125110] Microsoft Windows up to Server 2019 DNS Global Blocklist 7PK Security Features
[125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
[125108] Microsoft Windows up to Server 2019 Filter Manager privilege escalation
[125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[125104] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View Data Processing Error
[125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View Data Processing Error
[125099] Microsoft Office/Excel up to 2019 Protected View Data Processing Error
[125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
[125097] Microsoft Windows up to Server 2019 DirectX Graphics privilege escalation
[125096] Microsoft Windows up to Server 2019 Win32k privilege escalation
[125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access privilege escalation
[125093] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125092] Microsoft Windows up to Server 2019 Hyper-V privilege escalation
[125091] Microsoft Windows up to Server 2019 MS XML XML External Entity
[124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx privilege escalation
[124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls privilege escalation
[123995] Microsoft Lync 2011 on Mac Security Feature privilege escalation
[123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[123874] Microsoft Windows up to Server 2016 Kernel information disclosure
[123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
[123868] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
[123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
[123849] Microsoft Windows up to Server 2016 SMB privilege escalation
[123846] Microsoft Office 2016 on Win/Mac memory corruption
[123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File privilege escalation
[123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123830] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
[123827] Microsoft Windows up to Server 2016 Image privilege escalation
[123825] Microsoft Windows up to Server 2016 MSXML Parser XML External Entity
[123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[122887] Microsoft Office 2016 on Mac AutoUpdate privilege escalation
[122886] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122885] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122884] Microsoft Windows up to Server 2016 Win32k privilege escalation
[122883] Microsoft Windows up to Server 2016 DirectX Graphics privilege escalation
[122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
[122871] Microsoft PowerPoint 2010 SP2 memory corruption
[122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
[122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
[122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
[122848] Microsoft Windows Security Feature 2FA 7PK Security Features
[122834] Microsoft Windows up to Server 2016 LNK privilege escalation
[122825] Microsoft Windows up to Server 2016 Graphics privilege escalation
[122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
[121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
[121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
[121111] Microsoft Windows up to Server 2016 Kernel privilege escalation
[121110] Microsoft Windows up to Server 2016 Wordpad 7PK Security Features
[121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll Data Processing Error
[121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121098] Microsoft Office 2016/2016 C2R memory corruption
[121092] Microsoft Windows up to Server 2016 FTP Server Data Processing Error
[121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
[119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Data Processing Error
[119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
[119474] Microsoft Windows up to Server 2016 GDI information disclosure
[119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys Data Processing Error
[119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
[119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119459] Microsoft Windows up to Server 2016 privilege escalation
[119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
[119456] Microsoft Windows up to Server 2016 Kernel information disclosure
[119455] Microsoft Windows up to Server 2016 memory corruption
[119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy 7PK Security Features
[119452] Microsoft Windows up to Server 2016 HIDParser privilege escalation
[119448] Microsoft Windows up to Server 2016 Code Integrity Module privilege escalation
[119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
[119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys Data Processing Error
[119436] Microsoft Windows up to Server 2016 privilege escalation
[119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[118120] Microsoft Office 2016 on Mac XML Data privilege escalation
[117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 cross site scripting
[117560] Microsoft Exchange Server up to 2016 CU9 memory corruption
[117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117558] Microsoft Windows up to Server 2016 memory corruption
[117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[117504] Microsoft Office 2010 SP2 information disclosure
[117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access privilege escalation
[117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
[117498] Microsoft Office 2016 C2R Security Feature 7PK Security Features
[117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
[117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
[117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[117444] Microsoft Windows up to Server 2016 Hyper-V vSMB privilege escalation
[117443] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[116132] Microsoft Office 2016 Memory information disclosure
[116051] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 privilege escalation
[116049] Microsoft SharePoint Enterprise Server 2013/2016 Redirect
[116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem privilege escalation
[116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll privilege escalation
[116046] Microsoft SharePoint Enterprise Server 2013/2016 Share privilege escalation
[116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol Data Processing Error
[116031] Microsoft Windows up to Server 2016 Kernel information disclosure
[116030] Microsoft Windows up to Server 2016 SNMP Service Data Processing Error
[116026] Microsoft Windows up to Server 2016 Kernel information disclosure
[116024] Microsoft Windows up to Server 2016 HTTP.sys privilege escalation
[116023] Microsoft Office up to 2016 C2R information disclosure
[116022] Microsoft Excel 2010 SP2 memory corruption
[116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory 7PK Security Features
[116019] Microsoft Windows up to Server 2016 Kernel information disclosure
[116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R Data Processing Error
[116017] Microsoft Excel up to 2016 C2R memory corruption
[116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics privilege escalation
[116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R Data Processing Error
[116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[116008] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116007] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116006] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116005] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116004] Microsoft Windows up to Server 2016 Graphics Data Processing Error
[116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[115804] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
[114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114573] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
[114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake information disclosure
[114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
[114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[114562] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114560] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114559] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114558] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114557] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114556] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114555] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114554] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114553] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114552] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114551] Microsoft Excel up to 2016 C2R Security Feature 7PK Security Features
[114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
[114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys 7PK Security Features
[114547] Microsoft Windows up to Server 2016 Kernel information disclosure
[114546] Microsoft Windows up to Server 2016 Kernel information disclosure
[114545] Microsoft Windows up to Server 2016 Kernel information disclosure
[114544] Microsoft Windows up to Server 2016 Kernel information disclosure
[114543] Microsoft Windows up to Server 2016 Kernel information disclosure
[114542] Microsoft Windows up to Server 2016 Kernel information disclosure
[114541] Microsoft Windows up to Server 2016 Kernel information disclosure
[114540] Microsoft Windows up to Server 2016 Kernel information disclosure
[114536] Microsoft Windows up to Server 2016 CredSSP weak authentication
[114535] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
[114530] Microsoft Windows up to Server 2016 GDI privilege escalation
[114529] Microsoft Windows up to Server 2016 GDI privilege escalation
[114527] Microsoft Windows up to Server 2016 Kernel information disclosure
[114526] Microsoft Windows up to Server 2016 Kernel information disclosure
[114525] Microsoft Windows up to Server 2016 Kernel information disclosure
[114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
[114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
[114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
[114518] Microsoft Windows up to Server 2016 Remote Assistance XML External Entity
[114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
[114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
[113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
[113260] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
[113254] Microsoft Windows up to Server 2016 Kernel information disclosure
[113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113252] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel privilege escalation
[113249] Microsoft Windows up to Server 2016 Kernel privilege escalation
[113248] Microsoft Windows up to Server 2016 Kernel information disclosure
[113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
[113242] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113241] Microsoft Windows up to Server 2016 Common Log File System Driver privilege escalation
[113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
[113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[113232] Microsoft Excel 2016 privilege escalation
[113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
[113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
[111580] Microsoft Office 2016 on Mac Email Attachment privilege escalation
[111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
[111567] Microsoft Office 2010/2013/2016 memory corruption
[111564] Microsoft Word 2016 memory corruption
[111562] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111561] Microsoft SharePoint Server 2010/2013/2016 Web Request privilege escalation
[111358] Microsoft Windows up to Server 2016 IPsec memory corruption
[110553] Microsoft Office 2016 C2R information disclosure
[110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
[110551] Microsoft Excel 2016 C2R memory corruption
[110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
[110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
[110547] Microsoft Windows up to Server 2016 its:/ Protocol information disclosure
[110531] Microsoft Windows 10/Server 2016 Device Guard 7PK Security Features
[110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
[110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
[109389] Microsoft Excel 2016 Click-to-Run memory corruption
[109360] Microsoft Windows up to Server 2016 Windows Search Data Processing Error
[107759] Microsoft Windows up to Server 2016 SMB privilege escalation
[107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107753] Microsoft Windows 10/Server 2016 SMB Data Processing Error
[107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll privilege escalation
[107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
[107740] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107739] Microsoft Windows up to Server 2016 Graphics privilege escalation
[107738] Microsoft Windows up to Server 2016 Search information disclosure
[107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
[107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[107730] Microsoft Windows up to Server 2016 Search Remote privilege escalation
[107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107724] Microsoft Windows up to Server 2016 Text Services Framework privilege escalation
[107723] Microsoft Windows up to Server 2016 SMB information disclosure
[107698] Microsoft Office 2016 memory corruption
[106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[106529] Microsoft PowerPoint 2016 memory corruption
[106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106498] Microsoft Windows up to Server 2016 Shell privilege escalation
[106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
[106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
[106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow information disclosure
[106474] Microsoft Office 2016 memory corruption
[106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
[106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne privilege escalation
[106470] Microsoft Excel 2011 on Mac memory corruption
[106455] Microsoft Exchange Server 2013/2016 information disclosure
[106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition
[105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
[105017] Microsoft Windows up to Server 2016 Error Reporting privilege escalation
[105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V privilege escalation
[105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
[105010] Microsoft Windows up to Server 2016 Win32k privilege escalation
[105009] Microsoft Windows up to Server 2016 Input Method Editor Data Processing Error
[105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
[104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[104989] Microsoft Windows up to Server 2016 NetBIOS Data Processing Error
[104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
[104583] Microsoft Outlook up to 2016 C2R Email privilege escalation
[104582] Microsoft Outlook up to 2016 C2R Object information disclosure
[103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Redirect
[103446] Microsoft Windows up to Server 2016 Search privilege escalation
[103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
[103444] Microsoft Windows up to Server 2016 Explorer privilege escalation
[103442] Microsoft Windows 10/Server 2016 HoloLens privilege escalation
[103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
[103431] Microsoft Windows up to Server 2016 PowerShell privilege escalation
[103429] Microsoft Windows up to Server 2016 Kerberos privilege escalation
[103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA cross site scripting
[103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA cross site scripting
[103420] Microsoft Windows up to Server 2016 Kerberos weak authentication
[103417] Microsoft Windows up to Server 2016 Windows Shell 7PK Security Features
[102463] Microsoft Project Server 2013 SP1 cross site scripting
[102460] Microsoft Outlook 2016 on Mac HTML privilege escalation
[102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
[102446] Microsoft Office up to 2016 Data Processing Error
[102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 Data Processing Error
[102443] Microsoft Office up to 2016 Data Processing Error
[102412] Microsoft Windows up to Server 2016 PDF privilege escalation
[102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
[102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
[102386] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[102385] Microsoft Windows up to Server 2016 Font Library memory corruption
[102376] Microsoft Windows up to Server 2016 CAB File Data Processing Error
[102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords privilege escalation
[101817] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
[101815] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101814] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101812] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101811] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101810] Microsoft Windows up to Server 2016 Malware Protection Engine Data Processing Error
[101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[101019] Microsoft Skype for Business 2016 Data Processing Error
[101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 Data Processing Error
[101016] Microsoft PowerPoint 2011 on Mac memory corruption
[101015] Microsoft PowerPoint 2011 on Mac memory corruption
[101014] Microsoft Office 2010 SP2/2016 Data Processing Error
[101013] Microsoft Office 2010 SP2/2016 privilege escalation
[101002] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101001] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[101000] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100999] Microsoft Windows up to Server 2016 SMBv1 Server Data Processing Error
[100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service memory corruption
[99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
[99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory 7PK Security Features
[99682] Microsoft Outlook 2011 on Mac HTML Tag Validator privilege escalation
[99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
[99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive privilege escalation
[98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
[98096] Microsoft Exchange 2013 SP1 cross site scripting
[98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
[98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
[98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 information disclosure
[98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
[98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
[98089] Microsoft Office Web Apps 2013 SP1 memory corruption
[98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[98081] Microsoft Excel up to 2016 information disclosure
[98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[98079] Microsoft Word 2016 memory corruption
[98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component memory corruption
[98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
[98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
[98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component privilege escalation
[98069] Microsoft Windows up to Server 2012 R2 Color Management privilege escalation
[98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
[98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 denial of service
[98017] Microsoft Windows up to Server 2016 PDF memory corruption
[98015] Microsoft Windows 10/Server 2016 Hyper-V privilege escalation
[98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch privilege escalation
[98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
[95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
[95125] Microsoft Word/SharePoint Enterprise Server 2016 Document memory corruption
[94451] Microsoft Office 2011 memory corruption
[94447] Microsoft Office 2010 SP2 memory corruption
[94446] Microsoft Office 2016 memory corruption
[94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader Data Processing Error
[94443] Microsoft Office up to 2016 information disclosure
[94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
[93964] Microsoft Windows 7 Excel Starter 2010 XML External Entity
[93543] Microsoft SQL Server 2016 FILESTREAM Path information disclosure
[93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
[93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
[93415] Microsoft SQL Server 2016 MDS API cross site scripting
[93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
[93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
[93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
[93393] Microsoft Office up to 2016 memory corruption
[93392] Microsoft Office up to 2016 memory corruption
[93391] Microsoft Office up to 2016 memory corruption
[93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
[92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
[92584] Microsoft Office up to 2016 memory corruption
[91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
[91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
[91555] Microsoft Exchange 2013/2016 Link privilege escalation
[91550] Microsoft Office 2016 memory corruption
[91547] Microsoft Office 2010 memory corruption
[91543] Microsoft Office up to 2016 memory corruption
[91541] Microsoft Office 2013/2016 APP-V 7PK Security Features
[90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
[90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
[90704] Microsoft Office 2013/2013 RT/2016 memory corruption
[89043] Microsoft Office up to 2016 memory corruption
[89041] Microsoft Office up to 2016 memory corruption
[89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
[89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature 7PK Security Features
[89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[87961] Microsoft Windows up to Server 2012 R2 Search privilege escalation
[87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
[87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
[87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
[87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
[87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server memory corruption
[87936] Microsoft Office up to 2016 privilege escalation
[87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
[87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell privilege escalation
[87149] Microsoft Office up to 2016 memory corruption
[87148] Microsoft Office 2010 Graphics privilege escalation
[87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
[82229] Microsoft Excel 2010 SP2 Office Document memory corruption
[82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
[82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
[82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
[81274] Microsoft Office up to 2016 memory corruption
[81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library privilege escalation
[81269] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[81268] Microsoft Windows up to Server 2012 R2 Media Parser privilege escalation
[80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service privilege escalation
[80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
[80870] Microsoft Office up to 2016 memory corruption
[80868] Microsoft Office up to 2016 memory corruption
[80867] Microsoft Office up to 2016 memory corruption
[80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader privilege escalation
[80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader privilege escalation
[80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
[80231] Microsoft Excel up to 2016 Office Document memory corruption
[80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
[80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
[80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[80218] Microsoft Office up to 2016 ASLR information disclosure
[80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
[80216] Microsoft Office up to 2016 Office Document memory corruption
[80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
[79508] Microsoft Windows up to Server 2012 R2 Library Loader privilege escalation
[79500] Microsoft Office 2010/2011/2016 memory corruption
[79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
[79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
[79117] Microsoft Outlook 2011/2016 on Mac HTML cross site scripting
[78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
[77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
[77638] Microsoft Lync Server 2013 cross site scripting
[77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access information disclosure
[77050] Microsoft Office up to 2016 memory corruption
[77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
[76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
[76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service Data Processing Error
[76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
[75793] Microsoft Exchange Server 2013 CU8 cross site scripting
[75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
[75791] Microsoft Office 2013 SP1 Office Document Data Processing Error
[75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
[75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document Data Processing Error
[74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
[74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V privilege escalation
[74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
[74835] Microsoft Office 2011 on Mac cross site scripting
[74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
[74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
[74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
[73967] Microsoft Office up to 2013 SP1 Office File Data Processing Error
[73966] Microsoft Office up to 2013 SP1 RTF File denial of service
[73965] Microsoft Office up to 2013 SP1 memory corruption
[73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
[69160] Microsoft Windows up to Server 2012 Process privilege escalation
[69156] Microsoft Office 2010 Object denial of service
[68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
[62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
[58487] Microsoft SharePoint Foundation 2010 cross site scripting
[58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
[58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
[55777] Microsoft Windows Movie Maker 2.6 memory corruption
[54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
[54341] Microsoft Windows Movie Maker 2.1 privilege escalation
[68417] Microsoft Exchange 2013 Outlook Web Access privilege escalation
[68191] Microsoft SharePoint 2010 cross site scripting
[67518] Microsoft Lync 2013 denial of service
[67517] Microsoft Lync 2013 Script Reflected cross site scripting
[67516] Microsoft Lync 2010/2013 privilege escalation
[67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call denial of service
[67360] Microsoft SharePoint 2013 App Permission Management privilege escalation
[66976] Microsoft Access 2010 VBA denial of service
[13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
[13547] Microsoft Lync 2010/2013 Meeting cross site scripting
[13228] Microsoft Office 2013 Document information disclosure
[12311] Microsoft Lync 2010 Search privilege escalation
[12263] Microsoft Windows up to Server 2012 Direct2D memory corruption
[12238] Microsoft Windows 8/RT/Server 2012 IPv6 privilege escalation
[12185] Microsoft .NET Framework 2/4 HMAC weak authentication
[11673] Microsoft Windows Live Movie Maker 2011 WAV File privilege escalation
[11468] Microsoft Exchange 2010/2013 cross site scripting
[11466] Microsoft Office 2013 File Response information disclosure
[11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
[11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value privilege escalation
[11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
[10250] Microsoft SharePoint Server up to 2013 W3WP Process privilege escalation
[10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow privilege escalation
[10248] Microsoft SharePoint Server up to 2013 cross site scripting
[9943] Microsoft Windows Server 2012 NAT Driver memory corruption
[8739] Microsoft Windows Essentials up to 2012 Windows Writer privilege escalation
[8725] Microsoft Lync 2010/2013 memory corruption
[8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys memory corruption
[8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
[8203] Microsoft Windows up to 2012 AD LDAP Query privilege escalation
[8200] Microsoft SharePoint Server 2013 ACL privilege escalation
[7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser information disclosure
[7968] Microsoft SharePoint Server 2010 SP1 Input Validator memory corruption
[7967] Microsoft SharePoint Server 2010 SP1 User Account directory traversal
[7966] Microsoft SharePoint Server 2010 SP1 cross site scripting
[7965] Microsoft SharePoint Server 2010 SP1 User Account Callback privilege escalation
[7343] Microsoft Lync 2012 HTTP Format String
[7258] Microsoft Windows up to 8/Server 2012 SSL/TLS privilege escalation
[7230] Microsoft Excel 2010 SP1 on 32-bit XLS File denial of service
[6831] Microsoft Office Picture Manager 2010 File memory corruption
[6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
[5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
[5641] Microsoft SharePoint 2010 cross site scripting
[4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
[4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
[4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
[4414] Microsoft SharePoint 2010 cross site scripting
[4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS information disclosure

MITRE CVE - https://cve.mitre.org:
[CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
[CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
[CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
[CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
[CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
[CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
[CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
[CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
[CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
[CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
[CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
[CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
[CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
[CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
[CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
[CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
[CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
[CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
[CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
[CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
[CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
[CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
[CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
[CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
[CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
[CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
[CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
[CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
[CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
[CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
[CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
[CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
[CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
[CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
[CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
[CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
[CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
[CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
[CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
[CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
[CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
[CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
[CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
[CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
[CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
[CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
[CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279. [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. 
[CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability." 
[CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability." [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability." [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability." 
[CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability." [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009. [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010. [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability." [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." 
[CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability." [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." 
[CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability." [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability." [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability." 
[CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability." [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability." [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability." [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1 [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." 
[CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability." [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." 
[CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability." [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." 
[CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability." [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability." 
[CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864. [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865. [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." 
[CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
[CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
[CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
[CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
[CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
[CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
[CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
[CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
[CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
[CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
[CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
[CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
[CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
[CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
[CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
[CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
[CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
[CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
[CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
[CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
[CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
[CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
[CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
[CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
[CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
[CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
[CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
[CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
[CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
[CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
[CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
[CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
[CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
[CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
[CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
[CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
[CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
[CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
[CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
[CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
[CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
[CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
[CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
[CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
[CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
[CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
[CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
[CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
[CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
[CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
[CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
[CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
[CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
[CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
[CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
[CVE-2011-3413] Microsoft PowerPoint 2007 SP2
[CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
[CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
[CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
[CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
[CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
[CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
[CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
[CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
[CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
[CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
[CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
[CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
[CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
[CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
[CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
[CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
[CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
[CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
[CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
[CVE-2011-1990] Microsoft Excel 2007 SP2
[CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
[CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
[CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
[CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
[CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
[CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
[CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
[CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
[CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
[CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
[CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
[CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
[CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
[CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
[CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
[CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
[CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
[CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
[CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
[CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
[CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
[CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
[CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
[CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
[CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
[CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
[CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
[CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
[CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
[CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
[CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
[CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
[CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
[CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
[CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1275] Microsoft Excel 2002 SP3
[CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
[CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
[CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
[CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
[CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
[CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
[CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
[CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
[CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
[CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
[CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
[CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
[CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
[CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
[CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
[CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
[CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
[CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
[CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
[CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
[CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
[CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
[CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
[CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
[CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
[CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
[CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
[CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
[CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
[CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
[CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
[CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
[CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
[CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
[CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
[CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
[CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
[CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
[CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
[CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
[CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
[CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
[CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
[CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
[CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
[CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
[CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
[CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
[CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
[CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
[CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
[CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
[CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
[CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
[CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
[CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
[CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
[CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
[CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
[CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
[CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
[CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
[CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
[CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
[CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
[CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
[CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
[CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
[CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
[CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
[CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
[CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
[CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
[CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
[CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
[CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
[CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
[CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
[CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
[CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
[CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
[CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
[CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
[CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
[CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
[CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
[CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
[CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
[CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
[CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
[CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
[CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
[CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
[CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
[CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
[CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
[CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
[CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
[CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
[CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
[CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
[CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
[CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
[CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
[CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
[CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
[CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
[CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
[CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
[CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
[CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
[CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
[CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
[CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
[CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
[CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
[CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
[CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
[CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
[CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
[CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
[CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
[CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
[CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
[CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
[CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
[CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
[CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
[CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
[CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
[CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
[CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
[CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
[CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
[CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
[CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
[CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
[CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
[CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
[CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
[CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
[CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
[CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
[CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
[CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
[CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
[CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
[CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
[CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
[CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
[CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
[CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
[CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
[CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
[CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
[CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
[CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
[CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
[CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
[CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
[CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
[CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
[CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
[CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
[CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
[CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
[CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
[CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
[CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
[CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
[CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
[CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
[CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
[CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
[CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
[CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
[CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
[CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
[CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
[CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
[CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
[CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
[CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
[CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
[CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
[CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
[CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
[CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
[CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
[CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
[CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
[CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
[CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
[CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
[CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
[CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
[CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
[CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
[CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
[CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
[CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
[CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
[CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
[CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
[CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
[CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
[CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
[CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
[CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
[CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
[CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
[CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
[CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
[CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
[CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
[CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
[CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
[CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
[CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
[CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
[CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
[CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
[CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
[CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
[CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
[CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
[CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
[CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
[CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
[CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
[CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
[CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
[CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
[CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
[CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
[CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
[CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
[CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
[CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
[CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
[CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
[CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
[CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
[CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
[CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
[CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
[CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
[CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
[CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
[CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
[CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
[CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
[CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
[CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
[CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
[CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
[CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
[CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
[CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
[CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
[CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
[CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
[CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
[CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
[CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
[CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
[CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
[CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
[CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
[CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
[CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
[CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability." [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability." [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information. 
[CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information. [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.' [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability." [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability." 
[CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability." [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." 
[CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability." [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." 
[CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408. [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability." [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." 
[CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3 [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability." [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability." 
[CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." 
[CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability." 
[CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability." [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." 
[CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability." [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2 [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2 [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability." 
[CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability." [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability." [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability." [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability." [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability." 
[CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability." [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability." [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability." [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." 
[CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability." [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability." 
[CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA) [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability." [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak. 
[CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227. [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability." [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2 [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." 
[CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability." [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability." [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability." [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128. [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129. 
[CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability." [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability." [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability." [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." 
[CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow. [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1 [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." 
[CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2 [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability." [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." 
[CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." 
[CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." 
[CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
[CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137. [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability." [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. 
[CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability." [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability." [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
[CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. 
[CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692. [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." 
[CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." 
[CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." 
[CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories. [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. 
However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum. [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs. [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring. 
[CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." 
[CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3 [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." 
[CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." 
[CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." 
[CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." 
[CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1 [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1 [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file. 
[CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability." 
[CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
[CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
[CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
[CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
[CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
[CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
[CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
[CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
[CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
[CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
[CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
[CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
[CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
[CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
[CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
[CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
[CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
[CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
[CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
[CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
[CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
[CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
[CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
[CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
[CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
[CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
[CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
[CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
[CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
[CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
[CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
[CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
[CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
[CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
[CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
[CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
[CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
[CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
[CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
[CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
[CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
[CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
[CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
[CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
[CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
[CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
[CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
[CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
[CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
[CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
[CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
[CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
[CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
[CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
[CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
[CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
[CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
[CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
[CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
[CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
[CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
[CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
[CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
[CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
[CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
[CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
[CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
[CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
[CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
[CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
[CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
[CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
[CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
[CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
[CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
[CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
[CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
[CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
[CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
[CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
[CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
[CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
[CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
[CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
[CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
[CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
[CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
[CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
[CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
[CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
[CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
[CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
[CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
[CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
[CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
[CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
[CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
[CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
[CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
[CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
[CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
[CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
[CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
[CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
[CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
[CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
[CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
[CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
[CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
[CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
[CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
[CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
[CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
[CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
[CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
[CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
[CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
[CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
[CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
[CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
[CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
[CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
[CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
[CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
[CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
[CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
[CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
[CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
[CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
[CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
[CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
[CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
[CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
[CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
[CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
[CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
[CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
[CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
[CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
[CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
[CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
[CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
[CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
[CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
[CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
[CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
[CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
[CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
[CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
[CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
[CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
[CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
[CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
[CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
[CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
[CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
[CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
[CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
[CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
[CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
[CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
[CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
[CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
[CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
[CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
[CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
[CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
[CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
[CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
[CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
[CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
[CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
[CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
[CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
[CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
[CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
[CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
[CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
[CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
[CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
[CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
[CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
[CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
[CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
[CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
[CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
[CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
[CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
[CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
[CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
[CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
[CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
[CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
[CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
[CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
[CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
[CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
[CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
[CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
[CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
[CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
[CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
[CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
[CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
[CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
[CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
[CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
[CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
[CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
[CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
[CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
[CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
[CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
[CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
[CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
[CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
[CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
[CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
[CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
[CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
[CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
[CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
[CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
[CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
[CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
[CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
[CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
[CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
[CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
[CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
[CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
[CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
[CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
[CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
[CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
[CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
[CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
[CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
[CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
[CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
[CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
[CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
[CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
[CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
[CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
[CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
[CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
[CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
[CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
[CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
[CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
[CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
[CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
[CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
[CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
[CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
[CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
[CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
[CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
[CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
[CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
[CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
[CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
[CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
[CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
[CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
[CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
[CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
[CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
[CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
[CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
[CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
[CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
[CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
[CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
[CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
[CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
[CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
[CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
[CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
[CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
[CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
[CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
[CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
[CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
[CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
[CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
[CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
[CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
[CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
[CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
[CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
[CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
[CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
[CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
[CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
[CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
[CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
[CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
[CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. 
[CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." 
[CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. 
[CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. 
[CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538. [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. 
Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE. [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. 
[CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. 
[CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118. [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122. [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. 
[CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages. [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message. [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm. [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
[CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests. [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer. [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters. [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability." [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. 
[CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information. [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document. [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". 
[CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message. [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message. [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
[CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed. [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." 
[CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values. [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated. [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. 
[CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel. [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation. [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502. 
[CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program. [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
[CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions. [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
[CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. 
[CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. 
[CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code. [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets. [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control. 
[CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method. [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
[CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
[CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement. [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745. [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled. [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. 
[CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter. [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag. [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection. [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
[CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed. [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller. [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail." [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data. 
[CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request." [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service." [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." 
[CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter. [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
[CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object. [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file. [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. 
[CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." 
[CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function. [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request. [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. 
[CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun". [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". 
[CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution". [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445. 
[CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service". [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response. [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." 
[CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. 
[CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain. [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE. [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
[CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user. [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. 
NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service. [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
[CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. 
[CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. 
[CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability. [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. 
[CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. 
[CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document. [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability. [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
[CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013. [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013. [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787. [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912. 
[CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability." [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability." [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." 
[CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability." [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability." [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability." [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability." [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability." 
[CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability." [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. 
NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability." [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability." [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." 
[CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability." [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability." [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability." [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability." [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." 
[CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. 
[CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." 
[CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138. [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. 
[CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash." 
[CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
[CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
[CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
[CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
[CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
[CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
[CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
[CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
[CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
[CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
[CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
[CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
[CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
[CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
[CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
[CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
[CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
[CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
[CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
[CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
[CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
[CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
[CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
[CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
[CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
[CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
[CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
[CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
[CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
[CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
[CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
[CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
[CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
[CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
[CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
[CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
[CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
[CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
[CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
[CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
[CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
[CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
[CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
[CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
[CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
[CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
[CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
[CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
[CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
[CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
[CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
[CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
[CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
[CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
[CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
[CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
[CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
[CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
[CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
[CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
[CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
[CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
[CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
[CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
[CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
[CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
[CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
[CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
[CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
[CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
[CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
SecurityFocus - https://www.securityfocus.com/bid/:
[83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
[45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
[43419] Microsoft Excel 2002 Memory Corruption Vulnerability
[43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
[42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
[42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
[42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
[41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
[39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
[37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
[36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
[36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
[36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
[35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
[35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
[35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
[34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
[34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
[34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
[34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
[34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
[33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
[33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
[32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
[32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
[31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
[31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
[31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
[30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
[30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
[29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
[29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
[28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
[28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
[27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
[27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
[26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
[26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
[26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
[25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
[25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
[25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
[25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
[24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
[24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
[24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
[23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
[23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
[23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
[22716] Microsoft Office 2003 Denial of Service Vulnerability
[22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
[22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
[22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
[21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
[21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
[20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
[19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
[19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
[17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
[16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
[14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
[14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
[13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
[13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
[12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
[12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
[12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
[12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
[12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
[11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
[11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
[11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
[10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
[10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
[10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
[10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
[10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
[10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
[10307] Microsoft Outlook 2003 Predictable File Location Weakness
[10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
[9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
[9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
[9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
[8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
[8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
[8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
[8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
[8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
[8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
[8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
[8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
[8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
[8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
[8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
[8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
[8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
[8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
[7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
[7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
[7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
[7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
[7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
[6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
[6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
[6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
[6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
[6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
[5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
[5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
[5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
[5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
[5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
[5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
[5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
[5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
[5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
[5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
[5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
[5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
[5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
[5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
[5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
[5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
[5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
[5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
[4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
[4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
[4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
[4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
[4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
[4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
[4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
[4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
[4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
[4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
[4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
[4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
[4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
[3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
[3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
[3479] Microsoft Windows 2000 NTFS With Macintosh 
Client Directory Permission Vulnerability [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability [3146] Microsoft Windows 2000 System File Replacement Vulnerability [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability [2326] Microsoft Windows 2000 RDP DoS Vulnerability [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability [2007] 
Microsoft Windows 2000 DNS Memory Leak Vulnerability [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability [1414] Microsoft Windows 2000 
Telnet Server DoS Vulnerability [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability [1350] Microsoft Windows 2000 Windows Station Access Vulnerability [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability [1197] Microsoft Office 2000 UA Control Vulnerability [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability [945] Microsoft SMS 2.0 Default Permissions Vulnerability [539] Microsoft Windows 2000 EFS Vulnerability [180] Microsoft Windows April Fools 2001 Vulnerability [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities [66016] Microsoft March 2014 Notification Multiple Vulnerabilities [65426] Microsoft February 2014 Notification Multiple Vulnerabilities [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple 
Vulnerabilities [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities [51289] RETIRED: Microsoft January 
2012 Advance Notification Multiple Vulnerabilities [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple 
Vulnerabilities [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
IBM X-Force - https://exchange.xforce.ibmcloud.com:
[82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed [66844] Microsoft Windows Knowledge
Base Article 2501584 update is not installed [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed [53980] Microsoft Windows 2000 License Logging Server buffer overflow [53601] Microsoft Office 2008 for Mac user ID 502 security bypass [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service [50759] Microsoft Windows 2000 Active Directory LDAP code execution [48595] Microsoft Word 2007 Email as PDF information disclosure [46102] Microsoft Windows 2003 SP2 is not installed on the system [46101] Microsoft Windows 2003 SP1 is not installed on the system [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow [37200] Microsoft SQL Server 2000 Service Pack 1 update is 
not installed [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed [34634] Microsoft Windows Server 2003 Active Directory information disclosure [34599] Microsoft Windows Server 2003 terminal server security bypass [34473] Microsoft Office 2000 ActiveX control buffer overflow [33713] Microsoft Word 2007 multiple unspecified denial of service [33712] Microsoft Word 2007 wwlib.dll buffer overflow [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed [31821] Microsoft Windows time zone update for year 2007 [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure [29546] Microsoft Windows 2000/2003 user logoff initiated [29545] Microsoft Windows 2000/2003 system time changed [29544] Microsoft Windows 2000/2003 system security access removed [29543] Microsoft Windows 2000/2003 security access granted [29542] Microsoft Windows 2000/2003 SAM notification package loaded [29541] Microsoft Windows 2000/2003 primary security token issued [29540] Microsoft Windows 2000/2003 user password reset successful [29539] Microsoft Windows 2000/2003 object indirectly accessed [29538] Microsoft Windows 2000/2003 object handle duplicated [29537] Microsoft Windows 2000/2003 logon with explicit credentials success [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed [29532] Microsoft Windows 2000/2003 IKE security association established [29531] Microsoft Windows 2000/2003 IKE quick mode association ended [29530] Microsoft Windows 2000/2003 IKE main mode association ended [29529] Microsoft Windows 2000/2003 IKE association negotiation failed [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed [29527] Microsoft 
Windows 2000/2003 IKE association failed invalid proposal [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected [29522] Microsoft Windows 2000/2003 administrative group security descriptor set [29521] Microsoft Windows 2000/2003 account name changed [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting [26118] Microsoft Office 2003 mailto: information disclosure [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA [24473] Microsoft Windows 2000 event ID 565 not logged [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion [24402] Microsoft Windows 2000 Terminal Service client IP not logged [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed [22183] Microsoft Exchange Server 2003 public folder denial of service [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of 
service [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service [19727] Microsoft Windows 2000 GDI32.DLL denial of service [19629] Microsoft Exchange Server 2003 folder denial of service [17826] Microsoft Outlook 2003 CID security bypass [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow [17621] Microsoft Windows 2003 SMTP service code execution [17560] Microsoft Windows 2000 and XP GDI library denial of service [17521] Microsoft Windows 2000 Service Pack 4 is not installed [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege [16907] Microsoft Windows 2003 users with Create global objects privilege [16905] Microsoft Windows 2003 users or groups with Create global objects privilege [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service [16704] Microsoft Windows 2000 Media Player control code execution [16582] Microsoft Windows Server 2003 kernel CPU denial of service [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege [16570] Microsoft Windows 2003 Users with Create global objects privilege [16564] Microsoft Windows 2003 Groups with Create global objects privilege [16562] Microsoft Windows 2003 Groups with " [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege [16520] Microsoft Windows 2003 Create global objects privilege [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone [16119] Microsoft Outlook 2000 URL spoofing [16104] Microsoft Outlook 2003 predictable file location could allow code execution [16095] 
Microsoft Windows XP and Windows Server 2003 HCP URL code execution [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation [15414] Microsoft Outlook 2002 mailto URL allows execution of code [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service [15038] Microsoft Windows 2000 Server Windows Media Services denial of service [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow [13426] Microsoft Windows 2000 and XP RPC race condition [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow [13385] Microsoft Windows Server 2003 " [13211] Microsoft Windows 2000 and XP URG memory leak [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow [12489] Microsoft Windows 2000 Server Active Directory buffer overflow [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension 
buffer overflow [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled [11901] Microsoft BizTalk Server 2002 SQL injection [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges [11216] Microsoft Windows NT and 2000 command prompt denial of service [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails [10843] Microsoft Windows 2000 and XP SMB signing group policy modification [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges [9779] Microsoft Windows 2000 weak system partition permissions [9752] Microsoft Windows 2000 Service Pack 3 is not installed [9746] Microsoft Windows 2000 HTML Help item parameter buffer 
overflow [9625] Microsoft Windows 2000 Narrator allows login information to be audible [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank " [8867] Microsoft Windows 2000 LanMan denial of service [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow [8739] Microsoft Windows 2000 DCOM memory leak [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail [8402] Microsoft Windows 2000 allows an attacker to bypass password policy [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow [8199] Microsoft Windows 2000 Terminal Services unlocked client [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden [8037] Microsoft Windows 2000 empty TCP packet denial of service [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses [7533] Microsoft Windows 2000 RunAs service denial of service [7532] Microsoft Windows 2000 
RunAs service allows local attacker to bypass pipe authentication [7531] Microsoft Windows 2000 RunAs service reveals sensitive information [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service [7409] Microsoft Windows 2000 and Windows XP GDI denial of service [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service [7008] Microsoft Windows 2000 IrDA device denial of service [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service [6931] Microsoft Windows 2000 without Service Pack 2 [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service [6876] Microsoft Windows 2000 could allow an attacker to change network passwords [6803] Microsoft Windows 2000 SMTP service allows mail relaying [6745] Microsoft Windows 2000 LDAP function could allow domain user password change [6669] Microsoft Windows 2000 Telnet system call denial of service [6668] Microsoft Windows 2000 Telnet handle leak denial of service [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service [6666] Microsoft Windows 2000 Telnet username denial of service [6665] Microsoft Windows 2000 Telnet service weak domain authentication [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges [6652] Microsoft Exchange 2000 OWA script execution [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges [6506] Microsoft Windows 2000 Server Kerberos denial of service [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes [6160] Microsoft Windows 2000 event viewer buffer overflow [6136] Microsoft Windows 2000 domain controller denial of service [6035] Microsoft Windows 2000 Server RDP denial of service [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive 
data [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service [5585] Microsoft Windows 2000 brute force attack [5502] Microsoft Windows 2000 Indexing Services ixsso.query [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition [5263] Microsoft Office 2000 executes .dll without users knowledge [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness [5222] Microsoft Windows 2000 malformed RPC packet denial of service [5203] Microsoft Windows 2000 still image service [5171] Microsoft Windows 2000 Local Security Policy corruption [5080] Microsoft Office 2000 HTML object tag buffer overflow [5033] Microsoft Windows 2000 without Service Pack 1 [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges [5015] Microsoft Windows NT and 2000 executable path [4887] Microsoft Windows 2000 Kerberos ticket renewed [4886] Microsoft Windows 2000 logon session reconnected [4885] Microsoft Windows 2000 logon session disconnected [4882] Microsoft Windows 2000 Kerberos pre-authentication failed [4873] Microsoft Windows 2000 user account mapped for logon [4872] Microsoft Windows 2000 account logon failed [4871] Microsoft Windows 2000 account used for logon [4855] Microsoft Windows 2000 group type change [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution [4823] Microsoft Windows 2000 Telnet server binary stream denial of service [4819] 
Microsoft Windows 2000 default SYSKEY configuration [4787] Microsoft Windows 2000 user account locked out [4786] Microsoft Windows 2000 computer account created [4785] Microsoft Windows 2000 computer account changed [4784] Microsoft Windows 2000 computer account deleted [4714] Microsoft Windows 2000 " [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack [4278] Microsoft Windows 2000 unattended install does not secure All Users profile [4138] Microsoft Windows 2000 system file integrity feature is disabled [4086] Microsoft Windows 2000 may not start Jaz drives correctly [4085] Microsoft Windows 2000 non-Gregorial calendar error [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML [4082] Microsoft Windows 2000 and Iomega parallel port drives display error [4080] Microsoft Windows 2000 AOL image support [4079] Microsoft Windows 2000 High Encryption Pack [3854] Microsoft Office 2000 security setting [1376] Microsoft Proxy 2.0 denial of service [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed [85236] Microsoft Windows Knowledge Base Article 2850851 update is not 
installed [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed [83084] Microsoft Windows Knowledge Base 
Article 2821818 update is not installed [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed [80358] 
Microsoft Windows Knowledge Base Article 2770660 update is not installed [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed [77352] Microsoft Windows Knowledge Base Article 2731879 update 
is not installed [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed [74378] Microsoft Windows Knowledge 
Base Article 2671605 update is not installed [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed [71565] 
Microsoft Windows Knowledge Base Article 2648048 update is not installed [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed [68833] Microsoft Windows Knowledge Base Article 2567943 update 
is not installed [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed [67731] Microsoft Windows Knowledge 
Base Article 2525835 update is not installed [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege 
escalation [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed [63571] Microsoft Windows Knowledge Base 
Article 2440591 update is not installed [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed [62069] 
Microsoft Windows Knowledge Base Article 2418042 update is not installed [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed [17004] Microsoft Windows XP Service Pack 2 is not installed on the system [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission [9146] Microsoft Passport SDK 2.1 events reporting disabled [9068] Microsoft Passport SDK 2.1 registry default permission exposure [9067] Microsoft Passport SDK 2.1 default test site exposure [9066] Microsoft Passport SDK 2.1 
Adventure Works Sample Site exposure [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure [9064] Microsoft Passport SDK 2.1 default time window exposure [1271] Microsoft IIS version 2 installed [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
Exploit-DB - https://www.exploit-db.com:
[30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2) [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1) [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability [26690]
Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability [26517] Microsoft Office PowerPoint 2007 - Crash PoC [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2) [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1) [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness [24101] Microsoft Outlook 2003 Predictable File Location Weakness [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2) [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1) [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow 
Vulnerability [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2) [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1) [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2) [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1) [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2) [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1) [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability 
[21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal [19728] 
Microsoft Systems Management Server 2.0 Default Permissions Vulnerability [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2) [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1) [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability" [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability [18334] Microsoft Office 2003 Home/Pro 0day [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow [18078] Microsoft Excel 2003 11.8335.8333 Use After Free [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit" [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll) [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll) [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll) [12450] Microsoft SharePoint Server 2007 XSS Vulnerability [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit [3690] microsoft office word 2007 - Multiple Vulnerabilities [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day) [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french) [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC [1988] Microsoft 
Excel 2003 Hlink Local Buffer Overflow Exploit (italian) [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french) [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067 [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness [22850] Microsoft Office OneNote 2010 Crash PoC [22679] Microsoft Visio 2010 Crash PoC [22655] Microsoft Publisher 2013 Crash PoC [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability [22330] Microsoft Office Excel 2010 Crash PoC [22310] Microsoft Office Publisher 2010 Crash PoC [22237] Microsoft Office Picture Manager 2010 Crash PoC [22215] Microsoft Office Word 2010 Crash PoC [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx) [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
OpenVAS (Nessus) - http://www.openvas.org:
[902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability [800687] Microsoft
Windows Server 2003 OpenType Font Engine DoS Vulnerability [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458) [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X) [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X) SecurityTracker - https://www.securitytracker.com: [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets 
Local Users Gain Elevated Privileges [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending 
Malformed Packets [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users [1002729] Microsoft Windows 2000 RunAs Service Allows Local 
Users to Disable the Service [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create 
Malicious Files on the User's Host OSVDB - http://www.osvdb.org: [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow [34489] Microsoft Office 2003 Malformed WMF File Handling DoS [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker 
Arbitrary Code Execution [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption [28539] Microsoft Word 2000 Unspecified Code Execution [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass [19998] Microsoft Windows 2000 
UPN Credentialed Login Group Policy Failure [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure [19993] Microsoft Windows 2000 LDAPS CA Trust Issue [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS [15338] Microsoft Windows Server 2003 Terminal Session Close DoS [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure [14617] Microsoft Exchange Server 2003 Folder Handling DoS [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password [13761] Microsoft Exchange 2000 Malformed URL Request DoS [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution [13441] Microsoft Windows 2000 Security Interface 
Change Password Option Account Enumeration [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation [13424] Microsoft Windows 2000 Current Password Change Policy Bypass [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS [11712] Microsoft ISA Server 2000 H.323 Filter Overflow [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow [8243] Microsoft SMS Port 2702 DoS [7202] Microsoft PowerPoint 2000 File Loader Overflow [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS [6965] Microsoft ISA Server 2000 SSL Packet DoS [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS [6515] Microsoft Windows 2000 Domain Expired Account Authentication [5179] Microsoft Windows 2000 microsoft-ds DoS [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow [4776] Microsoft SQL Server 2000 Database Consistency 
Checkers (DBCCs) 2000 Overflow [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS [4168] Microsoft Outlook 2002 mailto URI Script Injection [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass [2244] Microsoft Windows 2000 ShellExecute() API Let [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure [1764] Microsoft Windows 2000 Domain Controller DoS [1758] Microsoft Windows 2000 Network DDE Escalated Privileges [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS [1672] Microsoft Windows 2000 Telnet Session Timeout DoS [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow [1621] Microsoft Indexing Services for Windows 2000 .htw XSS [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS [1399] Microsoft Windows 2000 Windows Station Access [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution [1297] Microsoft Windows 2000 Active Directory Object Attribute [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow [773] Microsoft Windows 2000 Group Policy File Lock DoS [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow [398] Microsoft Windows 2000 Malformed RPC 
Traffic Local Security Policy Corruption DoS [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
http-server-header: Microsoft-HTTPAPI/2.0 | ||||||
| Address | Port | Protocol | Service | Product | Version | CPE | Extra info |
|---|---|---|---|---|---|---|---|
| 192.168.2.20 | 135 | tcp | msrpc | Microsoft Windows RPC | | cpe:/o:microsoft:windows | |
| 192.168.2.20 | 139 | tcp | netbios-ssn | Microsoft Windows netbios-ssn | | cpe:/o:microsoft:windows | |
| 192.168.2.20 | 445 | tcp | microsoft-ds | | | | |
| 192.168.2.20 | 2179 | tcp | vmrdp | | | | |
| 192.168.2.20 | 5357 | tcp | http | Microsoft HTTPAPI httpd | 2.0 | cpe:/o:microsoft:windows | SSDP/UPnP |